No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Administrator Guide

OceanStor 2800 V5 V500R007

This document is applicable to OceanStor 2800 V5. Routine maintenance activities are the most common activities for the storage device, including powering on or off the storage device, managing users, modifying basic parameters of the storage device, and managing hardware components. This document is intended for the system administrators who are responsible for carrying out routine maintenance activities, monitoring the storage device, and rectifying common device faults.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Security Policy for System User

Configuring a Security Policy for System User

You can set the username and password policies to control the username and password complexity of new accounts. The login policy enables the system to lock the accounts with security exceptions.

Context

The storage system supports the following password policies to ensure account security.

  • The storage system supports strong password complexity to prevent brute-force password cracking.
  • Passwords must be encrypted before they are stored and transferred.
  • Passwords can be changed only after authentication and users can only change their own passwords.

Procedure

  1. Log in to DeviceManager.
  2. Choose Settings > Permission Settings > Security Policies.
    1. On the navigation bar, click Settings.
    2. In the Basic Service Settings area on the function pane, click Permission Settings.

      The Security Policies page is displayed.

    3. In the left navigation tree, select Security Policies.

      The Security Policies page is displayed.

  3. Configure the user name, password, login, and account audit policies. Table 5-1, Table 5-2, Table 5-3, and Table 5-4 describe related parameters.
    Table 5-1 User name policy

    Parameter

    Description

    Value

    Min. length

    Minimum length of a user name. The user name cannot be too simple.

    [Value range]

    The value is an integer ranging from 5 to 32.

    [Example]

    6

    Table 5-2 Password policies

    Parameter

    Description

    Value

    Min. Length

    Minimum length of a password, avoiding too short passwords.

    [Value range]

    The value is an integer ranging from 8 to 32.

    [Example]

    8

    Max. Length

    Maximum length of a password, avoiding too long passwords.

    [Value range]

    The value is an integer ranging from 8 to 32.

    [Example]

    16

    Complexity

    Complexity of the password, avoiding too simple passwords.

    [Value range]

    The password must contain special characters and at least two types among uppercase letters, lowercase letters, and digits, or the password must contain special characters, uppercase letters, lowercase letters, and digits.

    [Example]

    The password must contain special characters and at least two types among uppercase letters, lowercase letters, and digits.

    Number of Duplicate Characters

    Maximum number of consecutive same characters in a password.

    [Value range]

    The value is not restricted or the value is an integer ranging from 1 to 9.

    [Example]

    3

    Number of Retained Historical Passwords

    Number of historical passwords retained for a user. The new password must be different from the historical passwords. If the value is 0, there is no restriction.

    [Value range]

    The value is an integer ranging from 0 to 30.

    [Example]

    3

    Password Validity Period (days)

    Setting of a password's validity period.

    After Password Validity Period (days) is enabled, you must set the days in which a password is valid. After the validity period of the password expires, the system prompts you to change the password in a timely manner.

    NOTE:

    If this parameter is not selected, the password will never expire. To ensure storage system security, you are advised to select and set this parameter.

    [Value range]

    The value is an integer ranging from 1 to 999.

    [Example]

    90

    Password Expiration Warning Period (days)

    Number of days prior to password expiration that the user receives a warning message.

    [Value range]

    The value is an integer ranging from 1 to 99.

    [Example]

    7

    Password Change Interval (minutes)

    Minimum lifespan of a new password.

    [Value range]

    The value is an integer ranging from 1 to 9999.

    [Example]

    5

    The new password cannot be the default password.

    The new password of the super administrator admin cannot be the default password.

    [Value range]

    Enable or Disable

    [Example]

    Enable

    Table 5-3 Login policies

    Parameter

    Description

    Value

    Session Timeout Duration (minutes)

    Duration after which the system indicates timeout if a logged-in user performs no operations during the period. After you click OK in the event of timeout, the system returns to the login page.

    [Value range]

    The value is an integer ranging from 1 to 100.

    [Example]

    30

    Password Lock

    Locks a user if the count of consecutively inputting incorrect passwords by the user exceeds Number of Incorrect Passwords within 10 minutes.

    [Value range]

    Enable or Disable

    [Example]

    Enable

    Number of Incorrect Passwords

    Times allowed for consecutively entering incorrect passwords. The system automatically locks a user if the times of consecutively inputting incorrect passwords by the user exceed Number of Incorrect Passwords.

    NOTE:
    • This parameter is available only when Password Lock is enabled.
    • After a user is locked, the super administrator can manually unlock the user. If Lock Mode is set to Temporary, the user will be automatically unlocked when the unlock time arrives.

    [Value range]

    The value is an integer ranging from 1 to 9.

    [Example]

    3

    Lock Mode

    Mode of automatically locking a user.

    • In Permanent mode, administrators and read-only users are locked permanently. The super administrator will be automatically unlocked after 15 minutes.
    • In Temporary mode, you can set a duration of locking administrators and read-only users.

    [Value range]

    Temporary or Permanent

    [Example]

    Temporary

    Automatic Unlock in (minutes)

    Duration of locking a user. After the lock duration expires, the locked user is automatically unlocked.

    • This parameter is available only when Password Lock is enabled and Lock Mode is Temporary.
    • This parameter is available to automatic lock only. This parameter is unavailable if a user is manually locked. The user can be manually unlocked only.
    • For V500R007C20 and earlier versions:

      The automatic unlock time takes effect only for administrators and read-only users. In both Permanent and Temporary modes, the system automatically unlocks super administrators 15 minutes after they are locked.

    • For V500R007C30 and later:
      • If Automatic Unlock in (minutes) is a value between 3 and 15, the automatic unlock time takes effect for super administrators, administrators, and read-only users.
      • If Automatic Unlock in (minutes) is a value between 16 and 2000, the automatic unlock time takes effect only for administrators and read-only users. The system automatically unlocks super administrators 15 minutes after they are locked.

    [Value range]

    The value is an integer ranging from 3 to 2000.

    [Example]

    15

    Lock Account When Idle

    A system account will be locked if it is not used for login and the idle period exceeds the specified days.

    [Value range]

    Enable or Disable

    [Example]

    Enable

    Idle Period (days)

    Idle days of a system account.

    [Value range]

    The value is an integer ranging from 1 to 999.

    [Example]

    60

    Login Security Info

    After a user login, information about the last login (including the login time and IP address) is displayed.

    [Value range]

    Enable or Disable

    [Example]

    Enable

    User-Defined Info

    After an account's successful login, an alarm is displayed indicating the preset information.

    [Value range]

    Enable or Disable

    [Example]

    Enable

    Info

    The information to prompt the successful login of user account.

    [Value range]

    The information contains 1 to 511 characters.

    [Example]

    Login successful

    Table 5-4 Account audit policies

    Parameter

    Description

    Value

    User Account Audit

    Periodically audits the number and permission of user accounts to ensure account security.

    [Value range]

    Enable or Disable

    [Example]

    Enable

    Audit Period (days)

    Period of auditing the user accounts.

    [Value range]

    The value is an integer ranging from 0 to 999.

    [Default]

    120

  4. Confirm the security policy configuration.
    1. Click Save.

      The Execution Results dialog box is displayed, indicating that the security policy configuration succeeds.

    2. Click Close.
Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181576

Views: 18584

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next