Security Policy Modifications

You can use the plan change-parameters command in order to change a security policy in the system:

plan change-parameters -security <id>...

Security parameters are applied implicitly and uniformly across all SNs, RNs and Admins.

The following security parameters can be set:

• sessionTimeout=<Long TimeUnit>

  Specifies the length of time for which a login session is valid, unless extended. The default value is 24 hours.

• sessionExtendAllowed=<Boolean>

  Indicates whether session extensions should be granted. Default value is true.

• accountErrorLockoutThresholdInterval=<Long TimeUnit>

  Specifies the time period over which login error counts are tracked for account lockout monitoring. The default value is 10 minutes.

• accountErrorLockoutThresholdCount=<Integer>

  Number of invalid login attempts for a user account from a particular host address over the tracking period needed to trigger an automatic account lockout for a host. The default value is 10 attempts.

• accountErrorLockoutTimeout=<Long TimeUnit>

  Time duration for which an account will be locked out once a lockout has been triggered. The default value is 30 minutes.

• loginCacheTimeout=<Long TimeUnit>

  Time duration for which KVStore components cache login information locally to avoid the need to query other servers for login validation on every request. The default value is 5 minutes.