Edit Security Policy
(Superusers only; network view only) Use the Edit Security Policy dialog box to modify ONS node security policies including idle user timeout, user lockouts, password changes, and password aging.
 
Item
Description
Idle User Timeout
These fields modify the amount of time a CTC user can be idle before CTC logs them out. To modify the idle time, click the hour (H) and minute (M) arrows for each CTC security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERUSER. You can choose values between 0 and 16 hours, and 0 and 59 minutes.
User Lockout
These fields provision the user lockout policies:
• Failed Logins Allowed Before Lockout: Sets the number of times a user can fail to log in before CTC locks them out. The minimum is 0, and the maximum is 10.
• Manual Unlock by Superuser: If checked, a Superuser must manually unlock the locked-out user before they can log back into CTC.
• Automatic Unlockout After: If Manual Unlock by Superuser is not checked, set the automatic unlock period by changing the minutes (M) and seconds (S) fields. The maximum automatic unlock period is 10 minutes, 0 seconds.
Password Change
These fields provision the user password change policies:
• Prevent Reusing Last Password: Sets the number of recent passwords a user cannot reuse. The minimum is 1, and the maximum is 10.
• New Password Must Differ from Old Password: Sets the number of characters that must be different from the old password. The minimum is 1, and the maximum is 5.
• Cannot Change New Password For: If checked, the user cannot change a new password for the number of days set in the “days” box. The minimum is 20, and the maximum is 95 days.
• Require Password Change on First Login to New Account: If checked, requires the user to change their password the first time they log into an ONS node.
Password Aging
These fields provision the user password aging policies:
• Enforce Password Aging: If checked, requires the user to change their password within the number of days set in Aging Period.
• Aging Period: Sets the number of days that must pass before a user is required to change their password. A different aging period can be set for each security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERUSER. The minimum aging period is 20 days, and the maximum is 90.
• Warning Period: Set the number of days the user is warned to change their password. A different aging period can be set for each security level. The minimum is 2 days, and the maximum, 20 days.
Password Complexity
• Reverse User ID Allowed
• Identical Consecutive Characters Allowed
• Minimum Length: The minimum length can be set to eight, ten, or twelve characters.
• Maximum Length: The maximum length is 80 characters.
• Minimum Required Characters: The password must be a combination of alphanumeric (a-z, A-Z, 0-9) and special (+, #, %) characters, where at least two characters are nonalphabetic and at least one character is a special character. Superusers can specify when users must change their passwords and when they can reuse them.
Other
Sets the CTC session policies:
• Single Session Per User: If checked, limits users to a single CTC session. (Applicable to TL1/Telnet also.)
• Prevent Super User Disable: If checked, prevents the super user disable function.
• Disable Inactive User: If checked, disables users if they have not logged into the ONS node for the time period set in the Inactive Duration field.
• Inactive Duration: Sets the number of inactive days that must pass before the user is disabled. The minimum is 1 day, and the maximum 99 days.
OK
Saves any changes and closes the Security Policy dialog box.
Cancel
Cancels any changes and closes the Security Policy dialog box.
Help
Displays CTC context-sensitive help.
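
The Password Complexity rules above can be pre-checked offline, for example when auditing a list of candidate passwords before provisioning accounts. The following is an added example, not CTC or Cisco code. The names `ComplexityPolicy` and `check_password` are hypothetical, and the meaning given to the two "Allowed" checkboxes (reject the exact reversed user ID, reject two identical adjacent characters) is an assumption, since the table lists them without a description.

```python
# Added example (not CTC code): check a candidate password against the
# Password Complexity rules listed in the table on this page.
from dataclasses import dataclass

SPECIAL = set("+#%")               # special characters listed on the page
ALLOWED_MIN_LENGTHS = (8, 10, 12)  # Minimum Length choices
MAX_LENGTH = 80                    # Maximum Length


@dataclass
class ComplexityPolicy:
    min_length: int = 8
    reverse_user_id_allowed: bool = False        # assumed checkbox semantics
    identical_consecutive_allowed: bool = False  # assumed checkbox semantics

    def __post_init__(self):
        if self.min_length not in ALLOWED_MIN_LENGTHS:
            raise ValueError("Minimum Length must be 8, 10, or 12")


def check_password(user_id, password, policy):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("shorter than Minimum Length")
    if len(password) > MAX_LENGTH:
        problems.append("longer than Maximum Length")
    # Only a-z, A-Z, 0-9 and the listed special characters are accepted.
    if any(not (c.isascii() and c.isalnum()) and c not in SPECIAL for c in password):
        problems.append("contains a character outside the allowed set")
    if sum(1 for c in password if not c.isalpha()) < 2:
        problems.append("fewer than two nonalphabetic characters")
    if not any(c in SPECIAL for c in password):
        problems.append("no special character")
    # Assumption: the comparison with the reversed user ID ignores case.
    if not policy.reverse_user_id_allowed and password.lower() == user_id[::-1].lower():
        problems.append("password is the reversed user ID")
    if not policy.identical_consecutive_allowed and any(
        a == b for a, b in zip(password, password[1:])
    ):
        problems.append("identical consecutive characters")
    return problems
```

An empty list means the candidate satisfies every rule under the chosen policy; each string in a non-empty list names one rule that failed.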

Copyright © 2002-2011, Cisco Systems, Inc. All rights reserved.