Polycom RMX 1500, DOC2702A Defining Password Change Frequency, Forcing Password Change, Temporary User Lockout, User Lockout

Polycom RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide

15-12 Polycom, Inc.

Defining Password Change Frequency

The frequency with which a user can change a password is determined by the value of the

MIN_PWD_CHANGE_FREQUENCY_IN_DAYS System Flag. The value of the flag is the

number of days that users must retain a password.

• Possible retention period is between 0 and 7 days. In Ultra Secure Mode the retention

period is between 1 (default) and 7.

•If the System Flag is set to 0, users do not have to change their passwords. The System

Flag cannot be set to 0 when the RMX is in Ultra Secure Mode.

• If a user attempts to change a password within the time period specified by this flag, an

error, Password change is not allowed before defined min time has passed, is displayed.

An administrator can assign a new password to a user at any time.

When the system is in Ultra Secure Mode the user is forced to change his/her password as

follows:

• After modifying the value of the ULTRA_SECURE_MODE System Flag to YES, all

RMX users are forced to change their Login passwords.

• When an administrator creates a new user, the user is forced to change his/her

password on first Login.

• If an administrator changes a users User ID name, that user is forced to change his/her

password on his/her next Login.

• If a user logs in using his/her old or default password, the Login attempt will fail. An

error, User must change password, is displayed.

• Changes made by the administrator to any of the Strong Password enforcement System

Flags render users’ passwords invalid.

Example: A user is logged in with a fifteen character password. The administrator changes

the value of the MIN_PASSWORD_LENGTH System Flag to 20.

The next time the user tries to log in, he/she is forced to change his/her password to meet

the updated Strong Password requirements.

When the ULTRA_SECURE_MODE System Flag is set to YES, Temporary User Lockout is

implemented as a defense against Denial of Service Attacks or Brutal Attacks. Such attacks

usually take the form of automated rapid Login attempts with the aim of gaining access to or

rendering the target system (any network entity) unable to respond to users.

If a user tries to log in to the system and the Login is unsuccessful, the user’s next Login

attempt only receives a response from the RMX after 4 seconds.

User Lockout can be enabled to lock a user out of the system after three consecutive Login

failures with same User Name. The user is disabled and only the administrator can enable the

user within the system. User Lockout is enabled when the USER_LOCKOUT System Flag is

set to YES.

If the user tries to login while the account is locked, an error message, Account is disabled, is

displayed.

User Lockout is an Audit Event.