Operation, administration, and maintenance (OAM) features 2-137

Users with UPC 1 through 3 will not be allowed to log in if their passwords have expired. There are two password modes for level 1 through 3 accounts: ‘Assigned’ and ‘Valid’.

A user password is in ‘Assigned’ mode when the system administrator was the last person to change the password (that is, initial account creation or user forgot password). At this point, the system administrator and the user both know the password. The user is expected to change his/her password to one that only he/she knows.

A user password is in ‘Valid’ mode when the user password was last changed by the user (that is, in this situation, the user is the only person who knows the password).

The following intervals are provisionable by a level 4 or 5 user to support password aging:

Password Expiry Period: the length of time after which the password is no longer valid.

Password Validation Period: if the system administrator is the last person to change the password (for example, initial creation of account or user forgot password), the period of time a user has to change the password before it expires.

Password Warning Period: the number of days prior to password expiration that is presented in a warning message upon logging into the network element.

Password Change Period: a specified minimum waiting period before an existing password can be updated.

Temporary Accounts

You can use the password aging feature to implement a temporary user account feature. A temporary account is specified upon creation and denies the user access when the password expires. A temporary account is created by enabling password expiry, disabling password validation, and setting the password change period one day longer than the password expiry period. These settings force the expiry of the password before it can be changed.
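The aging rules and the temporary-account settings described above, modeled as an added Python example (not code from the Nortel guide or the network element software). It assumes periods are counted in days, that `None` represents a disabled interval, that an Assigned password falls back to the expiry period when validation is disabled, and that a password counts as expired on the day its period ends; all class and function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class AgingPolicy:            # periods in days; None = disabled (assumed encoding)
    expiry: Optional[int]     # Password Expiry Period
    validation: Optional[int] # Password Validation Period
    warning: int              # Password Warning Period
    change: int               # Password Change Period

@dataclass
class Account:
    upc: int                  # user privilege code, 1..5
    mode: str                 # "Assigned" (admin set it) or "Valid" (user set it)
    last_changed: date

def expires_on(acct, pol):
    """Date the password stops being valid, or None if it never ages out."""
    # Assigned passwords age under the validation period when it is enabled;
    # otherwise (assumption) they age under the expiry period.
    use_validation = acct.mode == "Assigned" and pol.validation is not None
    period = pol.validation if use_validation else pol.expiry
    return None if period is None else acct.last_changed + timedelta(days=period)

def login_status(acct, pol, today):
    """Return 'denied', 'warn:<days left>' or 'ok'."""
    end = expires_on(acct, pol)
    if end is None:
        return "ok"
    left = (end - today).days
    if left <= 0:             # the page names only UPC 1-3 as locked out on expiry
        return "denied" if acct.upc <= 3 else "ok"
    return f"warn:{left}" if left <= pol.warning else "ok"

def user_can_change(acct, pol, today):
    """A password can be updated only after the change period has elapsed."""
    return today >= acct.last_changed + timedelta(days=pol.change)

def temporary_policy(lifetime_days, warning=3):
    """Expiry on, validation off, change period one day longer than expiry."""
    return AgingPolicy(lifetime_days, None, warning, lifetime_days + 1)

def change_window_days(acct, pol):
    """Days on which the user can both log in and change the password."""
    end = expires_on(acct, pol)
    if end is None:
        return None
    span = (end - acct.last_changed).days
    days = (acct.last_changed + timedelta(days=i) for i in range(span + 1))
    return sum(login_status(acct, pol, d) != "denied"
               and user_can_change(acct, pol, d) for d in days)
```

A change window of zero days is what makes the account temporary: the password always expires before the user is permitted to replace it.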

For information about the Challenge Response Authentication Protocol, see Centralized Security Administration (CSA) on page 2-124.

Customer managed networks

This feature provides transport functionality that secures the SDCC network and allows you to block one customer's node from another customer's node at a level beyond user IDs and passwords in the network. This functionality adds an extra layer of security and lowers the potential of intrusion to blocked nodes.

Planning and Ordering Guide—Part 1 of 2 NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

Nortel Networks 3500, NTRN10AN manual Customer managed networks, Temporary Accounts