Edit Security Policy
(Superusers only; network view only) Use the Edit Security Policy dialog box to modify ONS node security policies including idle user timeout, user lockouts, password changes, and password aging.
 
Item
Description
Idle User Timeout
Modifies the amount of time a CTC user can be idle before CTC logs them out. To modify the idle time, click the hour (H) and minute (M) arrows for each CTC security level—RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERUSER. You can choose values between 0 and 16 hours, and 0 and 59 minutes.
User Lockout
Sets the user lockout policies:
 •
Failed Logins Before Lockout—Sets the number of time a user can fail to log in before CTC locks them out. The minimum is 0, and the maximum is 10.
 •
Manual Unlock by Superuser—If checked, a Superuser must manually unlock the locked out user before they can log back into CTC.
 •
Automatic Unlock After—If Manual Unlock by Superuser is not checked, set the lockout duration by changing the minutes (M) and seconds (S) fields. The maximum lockout period is 10 minutes, 55 seconds.
Password Change
Sets the user password change policies:
 •
Prevent Reusing Last Password—Sets the number of recent passwords a user cannot reuse. The minimum is 1, and the maximum is 10.
 •
New Password must Differ from the Old Password by—Sets the number of characters that the new password must differ from the old one. The minimum is 1, and the maximum is 5.
 •
Cannot Change New Password For—If checked, the user cannot change a new password for the number of days set in the “days” box. The minimum is 0, and the maximum is 95 days.
 •
Requires Password Change on First Login to New Account—If checked, requires the user to change their password the first time they log into an ONS node.
Password Aging
Sets the user password aging policies:
 •
Enforce Password Aging—If checked, requires the user to change their password within the number days set in Aging Period.
 •
Aging Period—Sets the number of days that must pass before a user is required to change their password. A different aging period can be set for each security level—RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERVISER. The minimum aging period is 20 days, and the maximum is 90.
 •
Warning Period—Set the number of days the user is warned to change their password. A different aging period can be set for each security level. The minimum is 3 days, and the maximum, 20 days.
Other
Sets the CTC session policies:
 •
Single Session per User—If checked, limits users to a single CTC session.
 •
Disable Inactive User—If checked, disables users if they have not logged into the ONS node for time set in the Inactive Duration field.
 •
Inactive Duration—Sets the number of inactive days that must pass before the user is disabled. The minimum is 1 day, and the maximum 99 days.
Select Applicable Nodes
(Network view only) Provides a list of network nodes. Security policy changes apply to all nodes that are checked. The policy changes are not applied to nodes that are not checked.
Unselect all
(Network view only) Deselects all nodes listed under applicable nodes list.
OK
Saves any changes and closes the Security Policy dialog box.
Cancel
Cancels any changes and closes the Security Policy dialog box.
Help
Displays CTC context-sensitive help.

Copyright © 2002-2011, Cisco Systems, Inc. All rights reserved.