Brocade Communications Systems 53-1001763-02 Password history policy

92 Fabric OS Administrator’s Guide

53-1001763-02

Password policies

•MinLength

Specifies the minimum length of the password. The minimum can be from 8 to 40 characters.

New passwords must be between the minimum length specified and 40 characters. The

default value is 8. The maximum value must be greater than or equal to the MinLength value.

•Repeat

Specifies the length of repeated character sequences that will be disallowed. For example, if

the “repeat” value is set to 3, a password “passAAAword” is disallowed because it contains the

repeated sequence “AAA”. A password of “passAAword” would be allowed because no repeated

character sequence exceeds two characters. The range of allowed values is 1 – 40. The

default value is 1.

•Sequence

Specifies the length of sequential character sequences that will be disallowed. A sequential

character sequence is defined as a character sequence in which the ASCII value of each

contiguous character differs by one. The ASCII value for the characters in the sequence must

all be increasing or decreasing. For example, if the “sequence” value is set to 3, a password

“passABCword” is disallowed because it contains the sequence “ABC”. A password of

“passABword” would be allowed because it contains no sequential character sequence

exceeding two characters. The range of allowed values is 1 – 40. The default value is 1.

Example of a password strength policy

The following example shows a password strength policy that requires passwords to contain at

least 3 uppercase characters, 4 lowercase characters and 2 numeric digits; the minimum

length of the password is 9 characters.

passwdcfg --set -uppercase 3 -lowercase 4 -digits 2 -minlength 9

Password history policy

The password history policy prevents users from recycling recently used passwords, and is

enforced across all user accounts when users are setting their own passwords. The password

history policy is enforced only when a new password is defined.

Specify the number of past password values that are disallowed when setting a new password.

Allowable password history values range between 0 and 24. If the value is set to 0, it means that

the new password cannot be set to current password, but can be set to 1 previous password. The

default value is 1, which means the current and one previous password cannot be reused. The

value 2 indicates that the current and the two previous passwords cannot be used (and so on, up

to 24 passwords).

This policy does not verify that a new password meets a minimal standard of difference from prior

passwords, rather, it only determines whether or not a newly-specified password is identical to one

of the specified number (1-24) of previously used passwords.

The password history policy is not enforced when an administrator sets a password for another

user; instead, the user’s password history is preserved and the password set by the administrator

is recorded in the user’s password history.