Changing the Security Defaults

This procedure is used to change the user ID and password requirements for the EAGLE using the chg-secu-dflt command. The chg-secu-dflt command uses these parameters.

:page – The amount of time, in days, that the specified user’s password can be used before the user must change their password. The value of this parameter applies to all EAGLE user IDs unless a different value is specified for a specific user ID with the ent-user or chg-user command.

:uout – The number of consecutive days that a user ID can remain active in the EAGLE and not be used. When the user ID has not been used for the number of days specified by the uout parameter, that user ID is no longer valid and the EAGLE rejects any attempt to log into the EAGLE with that user ID. The value of this parameter applies to all user IDs in the EAGLE unless a different value is specified for a specific user ID with the ent-user or chg-user command.

:multlog – are the user IDs allowed to log on to more than one terminal at any given time.

:minlen – the minimum length of the password

:alpha – the minimum number of alpha characters (a - z)

:num – the minimum number of numeric characters (0 - 9)

:punc – the minimum number of punctuation characters (any printable character that is not an alphabetic character, a numeric character, the space bar)

:minintrvl – the minimum number of days before a password can be changed again.

:pchreuse – the number of characters that cannot be reused from the current password when setting the new password. For example, if the pchreuse parameter value is 5, no more than five characters of the current password can be reused in the new password.

:pgrace – the number of days after password expiration during which the user can login without changing their password.

:pnotify – the number of days before password expiration that the user is notified about the expiration.

:preuse – the number of previous passwords that cannot be used. If the preuse parameter value is 6, the previous six passwords cannot be used.

The chg-secu-dflt command also contains the wrnln,wrntx, and clrwrntx parameters. These parameters are used to configure the unauthorized use warning message that is displayed when a user logs into the EAGLE. To configure the unauthorized use warning message, go to the Configuring the Unauthorized Use Warning Message procedure.

Even though the minlen parameter specifies the minimum length of a password, the password must also contain the minimum number characters defined by the alpha, num, and punc parameters.

The examples in this procedure are used to change the security defaults to these values.

page = 100 days

uout = 50 days

multlog = yes, to allow the user IDs in the EAGLE to log onto more than one terminal at any given time.

minlen = 12 characters

alpha = 2 characters

num = 2 characters

punc = 2 characters

minintrvl = 5 days

pnotify = 14 days

pgrace = 2 days

preuse = 6 passwords

pchreuse = 5 characters

Note:

When the EAGLE is delivered to the user, the database will contain these security default values.

:page = 90 days

:uout = 90 days

:multlog = no

:minlen = 8 characters

:alpha = 1 character

:num = 1 character

:punc = 1 character

:minintrvl = 1 day

:pnotify = 7 days

:pgrace = 3 days

:preuse = 5 passwords

:pchreuse = 4 characters

The rtrv-secu-dflt command uses the msg parameter to specify whether the unauthorized use warning message text is displayed in the command output. The msg parameter has two values.

yes – the unauthorized use warning message text is displayed.

no – the unauthorized use warning message text is not displayed.

The default value for this parameter is no.

Regardless of the value specified for the msg parameter, the user ID and password security defaults are displayed in the rtrv-secu-dflt command output.

Display the current security defaults by entering the rtrv-secu-dflt command.

This is an example of the possible output.

rlghncxa03w 10-04-01 16:02:05 GMT  EAGLE5 42.0.0
SECURITY DEFAULTS
-----------------
PAGE           60
UOUT           90
MULTLOG        NO
MINLEN          8
ALPHA           1
NUM             1
PUNC            1
MININTRVL       1
PNOTIFY         7
PGRACE          3
PREUSE          5
PCHREUSE        4

Change the current security defaults by entering the chg-secu-dflt command.
For this example, enter this command.

chg-secu-dflt:page=100:uout=50:multlog=yes:minlen=12:alpha=2 :num=2:punc=2:minintrvl=5:pchreuse=5:pgrace=2:pnotify=14:preuse=6

When this command has successfully completed, this message should appear.
```
rlghncxa03w 06-10-01 11:43:04 GMT EAGLE5 36.0.0
CHG-SECU-DFLT: MASP A - COMPLTD
```

Verify the changes with the rtrv-secu-dflt command.

This is an example of the possible output.

rlghncxa03w 10-04-01 16:02:05 GMT  EAGLE5 42.0.0
SECURITY DEFAULTS
-----------------
PAGE          100
UOUT           50
MULTLOG       YES
MINLEN         12
ALPHA           2
NUM             2
PUNC            2
MININTRVL       5
PNOTIFY        14
PGRACE          2
PREUSE          6
PCHREUSE        5

Back up the new changes using the chg-db:action=backup:dest=fixed command.

These messages should appear, the active Maintenance and Administration Subsystem Processor (MASP) appears first.

BACKUP (FIXED) : MASP A - Backup starts on active MASP.
BACKUP (FIXED) : MASP A - Backup on active MASP to fixed disk complete.
BACKUP (FIXED) : MASP A - Backup starts on standby MASP.
BACKUP (FIXED) : MASP A - Backup on standby MASP to fixed disk complete.

Figure 4-2 Changing the Security Defaults