Policy (Multishelf/Node View)
(Superusers only; multishelf view [multishelf mode] and node view [single-shelf mode] only) Use the node view Policy subtab to view and edit the ONS node security policies.
 
Item
Description
Idle User Timeout
Modifies the amount of time a CTC user can be idle before CTC logs the user out. To modify the idle time, click the hour (H) and minute (M) arrows for each CTC security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERVISER. You can choose values between 0 to 16 hours, and 0 to 59 minutes.
User Lockout
Provisions the user lockout policies:
Failed Logins Before Lockout: Sets the number of times a user can fail to log in before CTC locks the user out. The minimum is 0, and the maximum is 10.
Manual Unlock by Superuser: If checked, a Superuser must manually unlock the locked out user before the user can log back into the node.
Automatic Unlock After: If Manual Unlock by Superuser is selected, the locked-out user cannot log into the node until a Superuser clears the user’s Lock Out flag by editing the user in the Users tab. The maximum lockout period is 10 minutes. If Automatic Unlock After is selected, the locked-out user can log into the node after the user-provisioned lockout duration time period has passed.
Password Change
Sets the user password change policies:
Prevent Reusing Last Password: Sets the number of recent passwords a user cannot reuse. The minimum is 1, and the maximum is 10.
New Password must Differ from the Old Password by: Sets the number of characters that the new password must differ from the old one. The minimum is 1, and the maximum is 5.
Cannot Change New Password For: If checked, the user cannot change a new password for the number of days set in the “days” box. The minimum is 20, and the maximum is 95 days.
Require Password Change on First Login to New Account: If checked, requires the user to change his or her password the first time he or she logs into the ONS node.
Password Aging
Sets the user password aging policies:
Enforce Password Aging: If checked, requires the user to change his or her password within the number days set in Aging Period.
Aging Period: Sets the number of days that must pass before a user is required to change his or her password. A different aging period can be set for each security level: RETRIEVE, MAINTENANCE, PROVISIONING, and SUPERVISER. The minimum aging period is 20 days, and the maximum is 90.
Warning Period: Set the number of days the user is warned to change their password. A different aging period can be set for each security level. The minimum is 3 days, and the maximum is 20 days.
Other
Sets the CTC session policies:
Single Session Per User: If checked, limits users to a single CTC session.
Disable Inactive User: If checked, disables users if they have not logged into the ONS node for the time period set in the Inactive Duration field.
Inactive Duration: Sets the number of inactive days that must pass before the user is disabled. The minimum is 1 day, and the maximum 99 days.
Apply
Applies changes made to the Policy fields.
Reset
Cancels any Policy subtab changes and returns the fields to their last-saved settings.
Help
Displays context-sensitive help.

Copyright © 2002-2009, Cisco Systems, Inc. All rights reserved.