No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionStorage 8.0.0 Block Storage Security Configuration Guide 06

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Policies

Security Policies

This section describes the default account password rules, password validity period, account deletion method, account locking policy, and account security policy configuration method.

Table 4-4 describes the default account password rules, password validity period, account deletion method, and account locking policy.

Table 4-4 Account security policies

Account

Default Password Rule

Default Password Validity Period (Days)

Account Deletion Method

Account Locking Policy

root

  • Contains at least eight characters.
  • Contains at least three types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
    • Special characters: space and `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
  • Differs from the user name and its reverse order.
  • Differs from any of the last five passwords.
  • Differs from any word in dictionaries.

Permanent

This account is an administrator account and cannot be deleted.

Three consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after five minutes.

dsware

90

  1. Use a KVM tool to log in to a node as user root.
  2. Run the userdel dsware command to delete the account.

fsadmin

90

  1. Use a KVM tool to log in to a node as user root.
  2. Run the userdel fsadmin command to delete the account.

ibc_os_hs

  • Contains at least six characters.
  • Contains at least three types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
    • Special characters: space and `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
  • Differs from the user name.

Permanent

  1. Use a KVM tool to log in to a node as user root.
  2. Run the userdel command to delete the account.
NOTE:

After the account is deleted, alarm information cannot be dumped, leading to alarm loss risks. Therefore, you are advised not to perform this operation.

Three consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after five minutes.

omm

  • Contains at least eight characters.
  • Contains at least three types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
    • Special characters: space and `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
  • Differs from the user name.
  • Cannot be used repeatedly within 60 days.
  • Cannot be the same as the current password.

Permanent

The account cannot be deleted.

Ten consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after five minutes.

ommdba

None

nodemanager

Ten consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after five minutes.

Database account admin

  • Contains at least eight characters.
  • Contains at least three types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
    • Special characters: space and `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
  • Differs from the user name.
  • Cannot be the same as the current password.
  • Cannot be used repeatedly within 60 days or cannot be the same as any of the last 20 passwords.

Permanent

The account cannot be deleted.

Three consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after 10 minutes.

DeviceManager and CLI account admin

  • Contains 8 to 16 characters.
  • Contains at least one space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contains at least two types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
  • Differs from the user name and its reverse order.
  • Allows a character to appear for a maximum of three consecutive times.
  • Differs from any of the last three passwords.

90

Log in to DeviceManager as another super administrator, choose Settings > User and Security > Users and Roles > User Management, select the row that contains admin, and click Remove.

Three consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after 15 minutes.

cmdadmin and fc2Rest

  • Contains 8 to 16 characters.
  • Contains at least one space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contains at least two types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
  • Differs from the user name and its reverse order.
  • Allows a character to appear for a maximum of three consecutive times.
  • Differs from any of the last three passwords.

90

The account cannot be deleted.

Three consecutive invalid password attempts will cause the account to be locked. The account will be automatically unlocked after 15 minutes.

BIOS accounta

  • Contains 8 to 16 characters.
  • Contains at least one space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contains at least two types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9
  • Differs from any of the last five passwords.

Permanent

The account cannot be deleted.

Three consecutive invalid password attempts will cause the account to be locked. If the account is locked, restart the system.

BIOS accountb

  • Contains 8 to 16 characters.
  • Contains at least one space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contains at least two types of the following characters:
    • Lowercase letters: a to z
    • Uppercase letters: A to Z
    • Digits: 0 to 9

Permanent

The account cannot be deleted.

Three consecutive invalid password attempts will cause the account to be locked. If the account is locked, restart the system.

GRUB2 account

The system does not verify the password complexity. However, it is recommended that you set a complex password. For example, the password contains more than eight characters, including special characters and at least two types of the following characters: uppercase letters, lowercase letters, and digits.

90

The account cannot be deleted.

None

a: This BIOS account is applicable to the 2288H V5 node with 24 NVMe SSDs, 2288H V5 node with 12 NVMe SSDs, 2288H V5 12-slot node, 2288H V5 25-slot node, and 5288 V5 36-slot node.

b: This BIOS account is applicable to the TaiShan 2280 V2 12-slot node, TaiShan 2280 V2 25-slot node, and TaiShan 5280 V2 36-slot node.

You can configure security policies for DeviceManager accounts to ensure system security. Security policies include user name, password, and login policies. The configuration method is as follows:

  1. Log in to DeviceManager.
  2. Choose Settings > User and Security > Security Policies.

    The security policy configuration page is displayed.

  3. Modify security policies.
  4. Click Save.
Translation
Download
Updated: 2019-11-14

Document ID: EDOC1100081422

Views: 2133

Downloads: 4

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next