4.131 chg-secu-dflt

Use this command to change various system-wide, security-related defaults, such as:

• The default password aging interval
• The default user ID aging interval
• Whether to allow or prohibit multiple simultaneous logins with the same user ID
• Control of the password security algorithm
• Login warning message text
• Clear the warning message text displayed during login to the EAGLE
• Password expiring notification interval
• Password expired grace period
• Control of the Telnet terminal security

Parameters

alpha (optional)

Minimum number of alphabetic characters (a–z) required in a new password.

Range:

0 - 20

Default:

Current value

System Default:

1

clrwrntx (optional)

Clear warning text. This parameter deletes warning message text.

Range:

no

Does not delete any warning message text.

yes

Deletes warning message text for the line specified by the wrnln parameter.

all

Deletes warning message text for all lines.

Default:

No change to current value.

minintrvl (optional)

Minimum number of days before a password can be changed again.

Range:

0 - 30

Default:

No change to the current value

System Default:

1

minlen (optional)

Minimum number of characters that must be in a user password.

Range:

1 - 20

Default:

Current value

System Default:

8

multlog (optional)

This parameter specifies whether multiple simultaneous logins can be performed with a user ID.

Range:

yes

A user ID can be logged in to more than one terminal at the same time.

no

A user ID can be logged in to only one terminal at a time.

Default:

Current value

System Default:

no

num (optional)

Minimum number of numeric characters required in a new password.

Range:

0 - 20

Default:

Current value

System Default:

1

page (optional)

Default password aging interval for newly created user IDs. If the page parameter is specified in the ent-user command, the system uses that value; otherwise, the system uses the value specified here.

Range:

0 - 999

Default:

Current value

System Default:

90

pchreuse (optional)

Number of characters that cannot be reused from the existing password when setting a new password.

Range:

0 - 10

Default:

No change to the current value

System Default:

4

pgrace (optional)

Number of days after password expiration during which the user can login without changing their password.

Range:

0 - 7

Default:

No change to the current value

System Default:

3

pnotify (optional)

Number of days before password expiration that the user is notified about the expiration.

Range:

0 - 30

Default:

No change to the current value

System Default:

7

preuse (optional)

Number of passwords in the password history that must be unique.

Range:

0 - 9

Default:

No change to the current value

punc (optional)

Minimum number of punctuation characters required in a new password. A punctuation character is any character that is not an alphabetic or numeric character, including spaces.

Range:

0 - 20

Default:

Current value

System Default:

1

ssh (optional)

This parameter specifies whether the telnet connections are secure or not.

Range:

on

The telnet connections are secure.

off

The telnet connections are unsecure.

System Default:

on

uout (optional)

Number of successive days a user ID can go unused (no successful login) before the system denies login. If the uout parameter is specified in the ent-user command, the system uses that value; otherwise, the system uses the value specified here.

Range:

0 - 999

Default:

Current value

System Default:

90

wrnln (optional)

Warning message line number. The line number within the warning message to receive the new text specified by the wrntx parameter.

Range:

1 - 20

Default:

Current value

wrntx (optional)

New message text for the warning message. The text that replaces the current text of the warning message line specified by the wrnln parameter.

Range:

zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz Any quoted alphanumeric string from 1-76 characters in length; for example, “abc123”.

Default:

Current value

Example

chg-secu-dflt:minlen=5

The following example input shows how to add a blank line to the display after a successful login and how to cause lines not to display as part of the message after a successful login.

chg-secu-dflt:wrnln=1:wrntx=“**************************************************************”

chg-secu-dflt:wrnln=1:clrwrntx=yes

chg-secu-dflt:wrnln=3:wrntx=“* unauthorized access or use may lead to*”

chg-secu-dflt:wrnln=4:wrntx=“* prosecution.*“

chg-secu-dflt:wrnln=5:wrntx=“* 05-07-01 notice!!! eagle will be upgraded between‘*”

chg-secu-dflt:wrnln=6:wrntx=“* the hours of 2am-3am on 05-07-01.*”

chg-secu-dflt:wrnln=7:wrntx=“* *”

chg-secu-dflt:wrnln=8:wrntx=“* today’s happy message: go with oracle!!*”

chg-secu-dflt:wrnln=9:wrntx=“*****************************************************”

chg-secu-dflt:wrnln=10:wrntx=“ ” (set to 1 space to insert a blank line)

chg-secu-dflt:wrnln=10:clrwrntx=yes

chg-secu-dflt:clrwrntx=all

chg-secu-dflt:clrwrntx=no:multilog=yes

chg-secu-dflt:ssh=on

Dependencies

At least one optional parameter must be specified.

The sum of the values specified for the alpha, num, and punc parameters must not be greater than 20.

The wrnln and wrntx parameters must be specified together in this command.

If the clrwrntx=yes parameter is specified, then the wrnln parameter must be specified.

If the clrwrntx=all parameter is specified, then the wrnln and wrntx parameters cannot be specified.

If the wrnln parameter is specified, then the wrntx parameter or the clrwrntx=yes parameter must be specified.

Inhibit the IPSM cards before changing the value of parameter SSH.

Notes

The warning message lines are displayed in the scroll area in order after a successful login; that is, line 1, line 2, and so on.

Any warning message line deleted with clrwrntx=yes parameter is not displayed in the scroll area during login.

The following message is the default message delivered with every system:

NOTICE: This is a private computer system.

Unauthorized access or use may lead to prosecution.

Even though the minimum number of characters allowed in a password is specified using the minlen parameter, the password also must satisfy the minimum value requirements specified on the alpha, num, and punc parameters. The actual minimum password length is the greater of either the value specified on the minlen parameter or the total number of characters specified on the alpha, num, and punc parameters.

For example, if chg-secu-dflt:minlen=5:alpha=2:num=2:punc=2 is entered, the minimum number of password characters specified on the minlen parameter is 5. But the total number of characters specified in the alpha, num, and punc parameters is 6 (alpha+num+punc). The effective minimum number of characters is actually 6 rather than the 5 specified on the minlen parameter.

If the clrwrntx=yes parameter is specified, then at least one line number must be specified.

The Telnet connections will be secure when the value of the ssh parameter is ON. If the ssh parameter is OFF, the Telnet connections will not be secure.

Output

The following commands create the warning message that is shown in the output after the commands. The notes that are not bold in parentheses after some commands explain the displayed output. The warning message is displayed after the user enters the login command and a password. The output example shows the command output, a login command and password prompt, and the warning message that was created with these commands. See the Notes section for this command for additional information about entering this command. 

chg-secu-dflt:wrnln=1:wrntx=“*****************************************************”  

chg-secu-dflt:wrnln=2:wrntx=“* NOTICE: This is a private computer system. *”

chg-secu-dflt:wrnln=3:wrntx=“* Unauthorized Access or use may lead to *”

chg-secu-dflt:wrnln=4:wrntx=“* prosecution. *“

chg-secu-dflt:wrnln=5:wrntx=“* 08/03/01 Notice!!! Eagle will be upgraded between ‘*”

chg-secu-dflt:wrnln=6:wrntx=“*               the hours of 2am-3am on 08/03/15. *”

chg-secu-dflt:wrnln=7:wrntx=“* *”

chg-secu-dflt:wrnln=8:wrntx=“* Today’s happy message: Go with Oracle!!       *”

chg-secu-dflt:wrnln=9:wrntx=“*****************************************************”

chg-secu-dflt:wrnln=10:wrntx=“ ” (set to 1 space to cause blank line before login history is displayed)

chg-secu-dflt:wrnln=11:clrwrntx=yes

chg-secu-dflt:wrnln=12:clrwrntx=yes

chg-secu-dflt:wrnln=13:clrwrntx=yes

chg-secu-dflt:wrnln=14:clrwrntx=yes  (remaining lines are provisioned to cause

chg-secu-dflt:wrnln=15:clrwrntx=yes  them not to display as part of the message

chg-secu-dflt:wrnln=16:clrwrntx=yes  after successful login)

chg-secu-dflt:wrnln=17:clrwrntx=yes

chg-secu-dflt:wrnln=18:clrwrntx=yes

chg-secu-dflt:wrnln=19:clrwrntx=yes

chg-secu-dflt:wrnln=20:clrwrntx=yes

    rlghncxa03w 08-03-10 11:43:04 EST  EAGLE 38.0.0
    CHG-SECU-DFLT: MASP A - COMPLTD 
;
    LOGIN:UID=eagle
    PASSWORD:<password is not displayed>


    *****************************************************
    *  NOTICE: This is a private computer system.       *
    *  Unauthorized Access or use may lead to           *
    *  prosecution.                                     *
    *  08/03/01 Notice!!! Eagle will be upgraded between *
    *                the hours of 2am-3am on 08/03/15.  *
    *                                                   *
    *  Today’s happy message: Go with Oracle!!         *
    *****************************************************

    0 LOGIN failures since last successful LOGIN
    Last successful LOGIN was on port 3 on 08-03-09 @ 12:12:35 
;

The following command clears all of the warning messages.

chg-secu-dflt:clrwrntx=all

    tekelecstp 08-03-02 17:53:13 EST  EAGLE 38.0.0
    CHG-SECU-DFLT: MASP A - COMPLTD 
;

    LOGIN:UID=eagle
    PASSWORD:<password is not displayed>
  
    0 LOGIN failures since last successful LOGIN
    Last successful LOGIN was on port 3 on 08-02-26 @ 12:12:35 
;

The following commands set the warning message text that is shown in the output. The parameter clrwrntx=no has no impact on the command output.

chg-secu-dflt:wrnln=1:wrntx=“*****************************************************”:clrwrntx=no

chg-secu-dflt:wrnln=2:wrntx=“* NOTICE: This is a private computer system. *”:clrwrntx=no

chg-secu-dflt:wrnln=3:wrntx=“*****************************************************":clrwrntx=no

    tekelecstp 08-03-02 17:53:31 EST  EAGLE 38.0.0
    CHG-SECU-DFLT: MASP A - COMPLTD 
;
    LOGIN:UID=eagle
    PASSWORD:<password is not displayed>


    *****************************************************
    *  NOTICE: This is a private computer system.       *
    *****************************************************

    0 LOGIN failures since last successful LOGIN
    Last successful LOGIN was on port 3 on 08-02-26 @ 17:12:35 
;

The following command sets the ssh parameter to allow secure terminals.

chg-secu-dflt:ssh=on

tekelecstp 12-09-18 10:11:43 EST 45.0.0-64.42.0
chg-secu-dflt:ssh=on
Command entered at terminal #4.
CHG-SECU-DFLT: MASP A - COMPLTD
;