Contents
1 Introduction
This document describes how to create a password policy applicable for local Operation and Maintenance (O&M) user accounts.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has sufficient access rights to perform the task, for example, the user has System Security Administrator role.
- The user is familiar with the security policy of the organization.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To create a password policy:
- Navigate to the LocalAuthenticationMethod Managed Object (MO), for example:
>dn ManagedElement=<Node Name>,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1
- Enter Config mode:
(LocalAuthenticationMethod=1)>configure
- Create the PasswordPolicy MO,
for example:
(config-LocalAuthenticationMethod=1)>PasswordPolicy=1
- Set the PasswordPolicy attributes
according to operators password policy, in case the values differ
from default values, for example:
(config-PasswordPolicy=1)>minLength=12
- Note:
- This attribute means the minimum length of password, it is necessary to make sure the password is longer than minimum length, otherwise error info will be shown in ECLI.
- Set the password quality by giving a reference to the PasswordQuality MO, for example:
(config-PasswordPolicy=1)>passwordQuality="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1,PasswordQuality=1"
- Commit the settings:
(config-PasswordPolicy=1)>commit
- Verify the settings:
(PasswordPolicy=1)>show -v
The following is an example output:
PasswordPolicy=1 expireWarning=7 <default> failureCountInterval=1800 <default> historyLength=12 <default> lockoutDuration=[] <empty> maxAge=90 <default> maxFailure=3 <default> minAge=15 <default> minLength=12 passwordPolicyId="1" passwordQuality="ManagedElement=1,⇒ SystemFunctions=1,SecM=1,UserManagement=1,⇒ LocalAuthenticationMethod=1,PasswordQuality=1" reservedByAccount=[] <empty> <read-only> userLabel=[] <empty>