Fabric OS Administrator’s Guide 91
53-1001763-02
Password policies 5

Password policies

The password policies described in this section apply to the local switch user database only.
Configured password policies (and all user account attribute and password state information) are
synchronized across CPs and remain unchanged after an HA failover. Password policies can also be
manually distributed across the fabric (see “Local account database distribution” on page 90).
Following is a list of the configurable password policies:
Password strength
Password history
Password expiration
Account lockout
All password policies are enforced during logins to the standby CP. However, you may observe that
the password enforcement behavior on the standby CP is inconsistent with prior login activity
because password state information from the active CP is automatically synchronized with the
standby CP, thereby overwriting any password state information that was previously stored there.
Also, password changes are not permitted on the standby CP.
Password authentication policies configured using the passwdCfg command are not enforced
during initial prompts to change default passwords.

Password strength policy

The password strength policy is enforced across all user accounts, and enforces a set of format
rules to which new passwords must adhere. The password strength policy is enforced only when a
new password is defined. The total of the other password strength policy parameters (lowercase,
uppercase, digits, and punctuation) must be less than or equal to the value of the MinLength
parameter.
Use the following attributes to set the password strength policy:
Lowercase
Specifies the minimum number of lowercase alphabetic characters that must appear in the
password. The default value is zero. The maximum value must be less than or equal to the
MinLength value.
Uppercase
Specifies the minimum number of uppercase alphabetic characters that must appear in the
password. The default value is zero. The maximum value must be less than or equal to the
MinLength value.
Digits
Specifies the minimum number of numeric digits that must appear in the password. The
default value is zero. The maximum value must be less than or equal to the MinLength value.
Punctuation
Specifies the minimum number of punctuation characters that must appear in the password.
All printable, non-alphanumeric punctuation characters except the colon ( : ) are allowed. The
default value is zero. The maximum value must be less than or equal to the MinLength value.