Deployment Guide

allowed values is from 1 through 40. The default value is 1. When set to 1, sequential characters
are not enforced.
Reverse
Activates or deactivates the validation check to determine whether the password is an exact reverse
string of the user name. This option is disabled by default.
Example of a password strength policy
The following example shows a password strength policy that requires passwords to contain at least 3
uppercase characters, 4 lowercase characters, and 2 numeric digits; the minimum length of the
password is 9 characters. The password cannot be an exact reverse string of the username.
switch:admin> passwdcfg --set -uppercase 3 -lowercase 4 -digits 2 -minlength 9 -reverse 1
Password history policy
The password history policy prevents users from recycling recently used passwords, and is enforced
across all user accounts when users are setting their own passwords. The password history policy is
enforced only when a new password is defined.
Specify the number of past password values that are disallowed when setting a new password.
Allowable password history values range from 0 through 24. If the value is set to 0, the new password
cannot be set to the current password, but can be set to the most recent password. The default value
is 1, which means the current and one previous password cannot be reused. The value 2 indicates
that the current and the two previous passwords cannot be used (and so on, up to 24 passwords).
This policy does not verify that a new password meets a minimal standard of difference from prior
passwords; rather, it only determines whether or not a newly specified password is identical to one of
the specified number (1-24) of previously used passwords.
The password history policy is not enforced when an administrator sets a password for another user;
instead, the user’s password history is preserved and the password set by the administrator is
recorded in the user’s password history.
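The history rule described above, modeled in Python as an added example (it is not Fabric OS code and does not come from this guide). The class and function names, the PBKDF2 storage, and the sample passwords are assumptions made for illustration. The model shows that only exact matches are rejected, that an administrator-set password is recorded without being checked, and how many user changes it takes before an old password is accepted again.

```python
import hashlib, hmac, os

class PasswordHistory:
    """Model of the history rule as this section describes it (hypothetical class)."""

    def __init__(self, history, initial):
        if not 0 <= history <= 24:
            raise ValueError("history must be 0 through 24")
        self.history = history
        self.entries = [self._digest(initial)]  # newest first; entries[0] is current

    @staticmethod
    def _digest(password, salt=None):
        # Assumption: salted PBKDF2 storage; iteration count kept low for the demo.
        salt = salt or os.urandom(16)
        return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

    def _is_blocked(self, candidate):
        # Current password plus `history` previous ones; exact match only.
        for salt, stored in self.entries[: self.history + 1]:
            if hmac.compare_digest(self._digest(candidate, salt)[1], stored):
                return True
        return False

    def _record(self, password):
        self.entries.insert(0, self._digest(password))
        del self.entries[25:]  # current + 24 previous covers the maximum setting

    def user_change(self, new):
        """User sets their own password: the history check is enforced."""
        if self._is_blocked(new):
            return False
        self._record(new)
        return True

    def admin_set(self, new):
        """Administrator sets it for the user: not enforced, but recorded."""
        self._record(new)


def changes_needed_to_reuse(history):
    """Count the user changes needed before the original password is accepted again."""
    acct = PasswordHistory(history, "Orig-Pass-0")  # constructed sample password
    n = 0
    while not acct.user_change("Orig-Pass-0"):
        n += 1
        acct.user_change(f"Filler-Pass-{n}")  # constructed, unique filler
    return n + 1
```

In this model a history value of N is exhausted after N + 2 user changes, and a one-character variation of the current password is accepted because the check is for identity only.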
Password expiration policy
The password expiration policy forces the expiration of a password after a configurable period of time.
The expiration policy can be enforced across all user accounts or on specified users only. A warning
that password expiration is approaching is displayed when the user logs in. When a password expires,
the user must change the password to complete the authentication process and open a user session.
You can specify the number of days prior to password expiration during which warnings will
commence. Password expiration does not disable or lock out the account.
Use the following attributes of the passwdCfg command to set the password expiration policy:
MinPasswordAge
Specifies the minimum number of days that must elapse before a user can change a password.
MinPasswordAge values range from 0 through 999. The default value is zero. Setting this
parameter to a nonzero value discourages users from rapidly changing a password in order to
circumvent the password history setting to select a recently used password. The MinPasswordAge
policy is not enforced when an administrator changes the password for another user.
MaxPasswordAge
142 Fabric OS Administrators Guide
53-1003130-01