Editing user authentication settings

Virtual Storage Platform One SDS Block System Administrator Guide

Version
1.16.x
Audience
anonymous
Part Number
MK-24VSP1SDS001-03

The following table lists the user authentication settings that you can perform.

Item

Description

System default

Allowed value range

minLength

Minimum password length.

8

1-256

minNumberOfUpperCaseChars

Minimum number of uppercase alphabetical characters contained in a password.

0

0-16

minNumberOfLowerCaseChars

Minimum number of lowercase alphabetical characters contained in a password.

1

0-16

minNumberOfNumerals

Minimum number of numerals (0 to 9) contained in a password.

1

0-16

minNumberOfSymbols

Minimum number of symbols (excluding alphanumeric characters) contained in a password.

0

0-16

numberOfPasswordHistory

Number of generations from generation 1 (when the password was changed) for which use of a previous password is prohibited. For example, if this is 2, the previous password cannot be set.

1 means that this limit is disabled (the user can set a previously used password).

1

1-10

requiresInitialPasswordReset

Whether change of the initial password is requested when a new user runs a REST API or CLI or logs in to the VSP One SDS Block Administrator for the first time.

If true, a new user is forced to change the default password before the initial operation.

true

Boolean

minAgeDays

Number of days after the password is changed until it can be changed.

0 means that the user can change the password immediately.

This should be less than maxAgeDays.

0

0-10

maxAgeDays

Number of days you can use a password after it has been changed.

The password is invalid if the specified number of days has passed.

0 means that this limit is disabled.

42

0-365

maxAttempts

Number of consecutive login failures until the account is disabled temporarily (account lock).

0 means that the account is not locked.

This setting is also applied at login to the console interface.

3

0-10

lockoutSeconds [sec]

Duration [sec] until the account is unlocked.

This setting is also applied at login to the console interface.

600

60-600

maxLifetimeSeconds [sec]

Token lifetime [sec].

86400

1800-604800

maxIdleSeconds [sec]

Time until a session times out [sec].

When access is made during the session before the timeout, the timeout count starts from this time [sec].

If you specify the time until a session times out (aliveTime [sec]) at the time of session creation, the setting takes priority over maxIdleSeconds [sec].

1800

300-86400

  • Required role: Security

  1. Edit the user authentication settings.

    You can perform this for the cluster master node (primary) only.

    REST API: PATCH /v1/objects/user-auth-setting

    CLI: user_auth_setting_set

    After running the command, you receive a response indicating user authentication setting information.

    Note:

    • The user authentication settings you edited are applied to the console interface by the internal processing that runs in one-minute cycle, and event log KARS20068-I is output. Therefore, it takes a certain amount of time until the entire setting is applied.

    • No event log is output when you perform the following operations:

      • You edited the user authentication settings. However, there is no change in lockoutSetting.

      • When requiresInitialPasswordReset is true in the user authentication settings, you disable a user who was enabled and for which the password has not yet been changed.

      • When requiresInitialPasswordReset is true in the user authentication settings, you change the password of a user for which the password has not yet been changed.

  2. (Bare metal) Back up the configuration information.

    Perform this step by referring to Backing up the configuration information (Bare metal).

    If you continue operations with other procedures, you must back up the configuration information after you have completed all operations.