Contents

1   Description

This instruction describes how to create a password policy applicable for local Operation and Maintenance (O&M) user accounts.

2   Procedure

2.1   Create Password Policy

Prerequisites

• No documents are required.
• No tools are required.
• The following conditions must apply:
  • The user has sufficient access rights to perform the task, for example, the user has System Security Administrator role.
  • The user is familiar with the security policy of the organization.
  • An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

1. Navigate to the LocalAuthenticationMethod Managed Object (MO), for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1

2. Enter Config mode:

   (LocalAuthenticationMethod=1)>configure

3. Create the PasswordPolicy MO, for example:

   (config-LocalAuthenticationMethod=1)>PasswordPolicy=1

4. Set the PasswordPolicy attributes according to operators password policy, in case the values differ from default values, for example:

   (config-PasswordPolicy=1)>minLength=12

5. Set the password quality by giving a reference to the PasswordQuality MO, for example:

   (config-PasswordPolicy=1)>passwordQuality="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1,PasswordQuality=1"

6. Commit the settings:

   (config-PasswordPolicy=1)>commit

7. Verify the settings:

   (PasswordPolicy=1)>show -v

   The following is an example output:

   PasswordPolicy=1 expireWarning=7 <default> failureCountInterval=1800 <default> historyLength=12 <default> lockoutDuration=[] <empty> maxAge=90 <default> maxFailure=3 <default> minAge=15 <default> minLength=12 passwordPolicyId="1" passwordQuality="ManagedElement=1,⇒ SystemFunctions=1,SecM=1,UserManagement=1,⇒ LocalAuthenticationMethod=1,PasswordQuality=1" reservedByAccount=[] <empty> <read-only> userLabel=[] <empty>