Data ONTAP provides the options to control password rules. You can specify password requirements such as how a check for password composition is performed and what the maximum or minimum number of characters is for a password.
| Password rule option | Description |
|---|---|
| security.passwd.firstlogin.enable {on|off} | Specifies whether new users, and users logging in for the first time after another user has changed their password, must change their password. The default value for this option is off.
Note: If you enable this option, you must ensure that all groups have the login-telnet and cli-passwd* capabilities. Users in groups that do not have these capabilities cannot log in to the storage system.
|
| security.passwd.lockout.numtries num | Specifies the number of allowable login attempts before a user’s account is disabled. The default value for this option is 4,294,967,295. |
| security.passwd.rules.enable {on|off} | Specifies whether a check for password composition is performed when new passwords are specified. If this option is set to on, passwords are checked against the rules specified in this table, and the password is rejected if it doesn’t pass the check. If this option is set to off, the check is not performed. The default value for this option is on . By default, this option does not apply to the users “root” or “Administrator” (the NT Administrator account). |
| security.passwd.rules.everyone {on|off} | Specifies whether a check for password composition is performed for the “root” and “Administrator” users. If the security.passwd.rules.enable option is set to off , this option does not apply. The default value for this option is off . |
| security.passwd.rules.history num | Specifies the number of previous passwords that are checked against a new password to disallow repeats. The default value for this option is 0, which means that repeat passwords are allowed. |
| security.passwd.rules.maximum max_num | Specifies the maximum number of characters a password can have. Note:
This option can be set to a value greater than 16, but a maximum of 16 characters are used to match the password. Users with passwords longer than 14 characters will not be able to log in via the Windows interfaces, so if you are using Windows, do not set this option higher than 14. The default value for this option is 256. |
| security.passwd.rules.minimum min_num | Specifies the minimum number of characters a password must have. The default value for this option is 8. |
| security.passwd.rules.minimum. alphabetic min_num | Specifies the minimum number of alphabetic characters a password must have. The default value for this option is 2. |
| security.passwd.rules.minimum.digit min_num | Specifies the minimum number of digit characters a password must have. These are numbers from 0 to 9. The default value for this option is 1. |
| security.passwd.rules.minimum.symbol min_num | Specifies the minimum number of symbol characters (white space and punctuation characters) a password must have. The default value for this option is 0. |