Index  |  Top  -  Up Data ONTAP 8.3

security login role config modify

Modify local user account restrictions

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login role config modify command modifies user account restrictions.

Parameters

-vserver <vserver name> - Vserver

This specifies the Vserver name associated with the profile configuration.

-role <text> - Role Name

This specifies the role whose account restrictions are to be modified.

[-username-minlength <integer>] - Minimum Username Length Required

This specifies the required minimum length of the user name. Possible values range from 3 to 16 characters. The default setting is 3 characters.

[-username-alphanum {enabled|disabled}] - Username Alpha-Numeric

This specifies whether a mix of alphabetic and numeric characters are required in the user name. If this parameter is enabled, a user name must contain at least one letter and one number. The default setting is disabled.

[-passwd-minlength <integer>] - Minimum Password Length Required

This specifies the required minimum length of a password. Possible values range from 3 to 64 characters. The default setting is 8 characters.

[-passwd-alphanum {enabled|disabled}] - Password Alpha-Numeric

This specifies whether a mix of alphabetic and numeric characters is required in the password. If this parameter is enabled, a password must contain at least one letter and one number. The default setting is enabled.

[-passwd-min-special-chars <integer>] - Minimum Number of Special Characters Required In The Password

This specifies the minimum number of special characters required in a password. Possible values range from 0 to 64 special characters. The default setting is 0, which requires no special characters.

[-passwd-expiry-time <unsigned32_or_unlimited>] - Password Expires In (Days)

This specifies password expiration in days. A value of 0 means all passwords associated with the accounts in the role expire now. The default setting is unlimited, which means the passwords never expire.

[-require-initial-passwd-update {enabled|disabled}] - Require Initial Password Update on First Login

This specifies whether users must change their passwords when logging in for the first time. Initial password changes can be done only through SSH or serial-console connections. The default setting is disabled.

[-max-failed-login-attempts <integer>] - Maximum Number of Failed Attempts

This specifies the allowed maximum number of consecutive invalid login attempts. When the failed login attempts reach the specified maximum, the account is automatically locked. The default is 0, which means failed login attempts do not cause an account to be locked.

[-lockout-duration <integer>] - Maximum Lockout Period (Days)

This optionally specifies the number of days for which an account is locked if the failed login attempts reach the allowed maximum. The default is 0, which means accounts will be locked for 1 day.

[-disallowed-reuse <integer>] - Disallow Last 'N' Passwords

This specifies the number of previous passwords that are disallowed for reuse. The default setting is six, meaning that the user cannot reuse any of their last six passwords. The minimum allowed value is 1.

[-change-delay <integer>] - Delay Between Password Changes (Days)

This specifies the number of days that must pass between password changes. The default setting is 0.

Examples

The following command modifies the user-account restrictions for an account with the role name admin for a Vserver named vs. The minimum size of the password is set to 12 characters. 
cluster1::> security login role config modify -role admin -vserver vs
-passwd-minlength 12
Index  |  Top  -  Up Data ONTAP 8.3

Copyright © 1994-2015 NetApp, Inc. Legal Information

©2016 NetApp Contact Us How to Buy Feedback Careers Legal Privacy Policy Subscriptions (RSS)|