Policy (Multishelf/Node View)
(Superusers only; multishelf view [multishelf mode] and node view [single-shelf mode] only) Use the node view Policy subtab to view and edit the ONS node security policies.
 
Item
Description
Idle User Timeout
These fields modify the amount of time a CTC user can be idle before CTC logs the user out. To modify the idle time, click the hour (H) and minute (M) arrows for each CTC security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERUSER. You can choose values between 0 to 16 hours, and 0 to 59 minutes.
User Lockout
These fields provision the user lockout policies:
 •
Failed Logins Allowed Before Lockout: Sets the number of times a user can fail to login before CTC locks the user out. The minimum is 0, and the maximum is 10.
 •
Manual Unlock by Superuser: If checked, a Superuser must manually unlock the locked out user before the user can log back into the node.
 •
Automatic Unlock After: If Manual Unlock by Superuser is selected, the locked-out user cannot log into the node until a Superuser clears the user's Lock Out flag by editing the user in the Users tab. The maximum lockout period is 10 minutes. If Automatic Unlock After is selected, the locked-out user can log into the node after the user-provisioned lockout duration time period has passed.
Password Change
These fields provision the user password change policies:
 •
Prevent Reusing Last Password: Sets the number of recent passwords a user cannot reuse. The minimum is 1, and the maximum is 10.
 •
New Password must Differ from the Old Password by: Sets the number of characters that the new password must differ from the old one. The minimum is 1, and the maximum is 5.
 •
Cannot Change New Password For: If checked, the user cannot change a new password for the number of days set in the “days” field. The minimum is 20, and the maximum is 95 days.
 •
Requires Password Change on First Login to New Account: If checked, requires the user to change his or her password the first time he or she logs into the ONS node.
Password Aging
Provision the user password aging policies:
 •
Enforce Password Aging: If checked, requires the user to change his or her password within the number days set in Aging Period.
 •
Aging Period: Sets the number of days that must pass before a user is required to change his or her password. A different aging period can be set for each security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERUSER. The minimum aging period is 20 days, and the maximum is 90.
 •
Warning Period: Set the number of days the user is warned to change their password. A different aging period can be set for each security level. The minimum is 3 days, and the maximum is 20 days.
Other
These fields provision the CTC session policies:
 •
Single Session Per User: If checked, limits users to a single CTC session.
 •
Disable Inactive User: If checked, disables users if they have not logged into the ONS node for the time period set in the Inactive Duration field.
 •
Inactive Duration: Sets the number of inactive days that must pass before the user is disabled. The minimum is 1 days, and the maximum 99 days.
Apply
Applies changes made to the Policy fields.
Reset
Cancels any Policy subtab changes and returns the fields to their last-saved settings.
Help
Displays context-sensitive help.

Copyright © 2002-2011, Cisco Systems, Inc. All rights reserved.