DLP-A271 Change Security Policy on a Single Node
Onsite/Remote
Security Level
In node view, click the Provisioning > Security > Policy tabs.
Step 1
If you want to modify the idle user timeout period, click the hour (H) and minute (M) arrows in the
Step 2
Idle User Timeout area for the security level you want to provision: RETRIEVE, MAINTENANCE,
PROVISIONING, or SUPERUSER. The idle period time range is between 0 and 16 hours, and 0 and 59
minutes. The user is logged out after the idle user timeout period is reached.
In the User Lockout area, you can modify the following:
Step 3
Failed Logins Before Lockout—The number of failed login attempts a user can make before the user
•
is locked out of the node. You can choose a value between 0 and 10.
Manual Unlock by Superuser—Allows a user with Superuser privileges to manually unlock a user
•
who has been locked out of a node.
Lockout Duration—Sets the amount of time the user will be locked out after a failed login. You can
•
choose a value between 0 and 10 minutes in five-second intervals.
In the Password Change area, you can modify the following:
Step 4
Prevent Reusing Last [ ] Passwords—Choose a value between 1 and 10 to set the number of different
•
passwords users must create before they can reuse a password.
Cannot Change New Password for [ ] days—If checked, prevents users from changing their
•
password for the specified period. The range is 20 to 95 days.
Require Password Change on First Login to New Account—If checked, requires users to change
•
their password the first time they log into their account.
To require users to change their password at periodic intervals, check the Enforce Password Aging
Step 5
check box in the Password Aging area. If checked, provision the following parameters:
Aging Period—Sets the amount of time that must pass before the user must change their password
•
for each security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERUSER. The
range is 20 to 95 days.
Warning—Sets the number days the user will be warned to change his or her password for each
•
security level. The range is 2 to 20 days.
In the Other area, you can provision the following:
Step 6
Single Session Per User—If checked, limits users to one login session at one time.
•
Disable Inactive User—If checked, disables users who do not log into the node for the period of time
•
specified in the Inactive Duration box. The Inactive Duration range is 45 to 90 days.
Click Apply. Confirm that the changes appear; if not, repeat the task.
Step 7
Return to your originating procedure (NTP).
Step 8
Cisco ONS 15454 Procedure Guide, R5.0
19-54
Onsite or remote
Superuser
Chapter 19
DLPs A200 to A299
September 2005