Policy


(Superusers only; node view only) Use the node view Policy subtab to view and edit the ONS node security policies.

Item

Description

Idle User Timeout

These fields modify the amount of time a CTC user can be idle before CTC logs the user out. To modify the idle time, click the hour (H) and minute (M) arrows for each CTC security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERVISER. You can choose values between 0 to 16 hours, and 0 to 59 minutes.

User Lockout

These fields provision the user lockout policies:

  • Failed Logins Before Lockout: Sets the number of times a user can fail to login before CTC locks the user out. The minimum is 0, and the maximum is 10.

  • Manual Unlock by Superuser: If checked, a Superuser must manually unlock the locked out user before the user can log back into the node.

  • Lockout Duration: If Manual Unlock by Superuser is not checked, sets the lockout duration in minutes (M) and seconds (S). A locked out user can log into the node after the lockout duration time period has passed. The maximum lockout period is 10 minutes.

Password Change

These fields provision the user password change policies:

  • Prevent Reusing Last Password: Sets the number of recent passwords a user cannot reuse. The minimum is 1, and the maximum is 10.

  • Cannot Change New Password For: If checked, the user cannot change a new password for the number of days set in the "days" box. The minimum is 20, and the maximum is 95 days.

  • Requires Password Change on First Login to New Account: If checked, requires the user to change his or her password the first time he or she logs into the ONS node.

Password Aging

Provision the user password aging policies:

  • Enforce Password Aging: If checked, requires the user to change his or her password within the number days set in Aging Period.

  • Aging Period: Sets the number of days that must pass before a user is required to change his or her password. A different aging period can be set for each security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERVISER. The minimum aging period is 20 days, and the maximum is 90.

  • Warning Period: Set the number of days the user is warned to change their password. A different aging period can be set for each security level. The minimum is 3 days, and the maximum is 20 days.

Other

These fields provision the CTC session policies:

  • Single Session Per User: If checked, limits users to a single CTC session.

  • Disable Inactive User: If checked, disables users if they have not logged into the ONS node for the time period set in the Inactive Duration field.

  • Inactive Duration: Sets the number of inactive days that must pass before the user is disabled. The minimum is 45 days, and the maximum 90 days.

Apply

Applies changes made to the Policy fields.

Reset

Cancels any Policy subtab changes and returns the fields to their last-saved settings.

Help

Displays context-sensitive help.