System Administration > Configuration > Fabric > Nodes > User Management > Authentication Policy
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
_retry_prompt | Prompt user at most N times before returning with error. | integer | Readonly Default: "3" |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
api_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
api_failed_auth_reset_period | Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
api_max_auth_failures | Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "5" |
cli_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
integer | Minimum: 0 Maximum: 604800 Default: "900" |
cli_max_auth_failures | Number of authentication failures that trigger CLI lockout | integer | Minimum: 0 Maximum: 10 Default: "5" |
digits | Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e.
N > 0, to set maximum credit for having digits in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
hash_algorithm | Hash algorithm Sets hash/cryptographic algorithm type for new passwords. |
string | Enum: sha512, sha256 Default: "sha512" |
lower_chars | Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e.
N > 0, to set maximum credit for having lower case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
max_repeats | Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
max_sequence | Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
maximum_password_length | Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters. |
integer | Minimum: 8 Maximum: 128 Default: "128" |
minimum_password_length | Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with VMware recommends to set strong passwords for systems and appliances, further
If any existing user passwords are set with length of less than newly configured
If existing By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed. |
integer | Minimum: 8 Maximum: 128 Default: "12" |
minimum_unique_chars | Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
password_remembrance | Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. |
integer | Minimum: 0 Default: "0" |
special_chars | Number of special characters in password Number of special characters (!@#$&*..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e.
N > 0, to set maximum credit for having special characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
upper_chars | Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e.
N > 0, to set maximum credit for having upper case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
_retry_prompt | Prompt user at most N times before returning with error. | integer | Readonly Default: "3" |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
api_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
api_failed_auth_reset_period | Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
api_max_auth_failures | Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "5" |
cli_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
integer | Minimum: 0 Maximum: 604800 Default: "900" |
cli_max_auth_failures | Number of authentication failures that trigger CLI lockout | integer | Minimum: 0 Maximum: 10 Default: "5" |
digits | Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e.
N > 0, to set maximum credit for having digits in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
hash_algorithm | Hash algorithm Sets hash/cryptographic algorithm type for new passwords. |
string | Enum: sha512, sha256 Default: "sha512" |
lower_chars | Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e.
N > 0, to set maximum credit for having lower case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
max_repeats | Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
max_sequence | Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
maximum_password_length | Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters. |
integer | Minimum: 8 Maximum: 128 Default: "128" |
minimum_password_length | Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with VMware recommends to set strong passwords for systems and appliances, further
If any existing user passwords are set with length of less than newly configured
If existing By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed. |
integer | Minimum: 8 Maximum: 128 Default: "12" |
minimum_unique_chars | Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
password_remembrance | Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. |
integer | Minimum: 0 Default: "0" |
special_chars | Number of special characters in password Number of special characters (!@#$&*..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e.
N > 0, to set maximum credit for having special characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
upper_chars | Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e.
N > 0, to set maximum credit for having upper case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
_retry_prompt | Prompt user at most N times before returning with error. | integer | Readonly Default: "3" |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
api_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
api_failed_auth_reset_period | Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
api_max_auth_failures | Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "5" |
cli_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
integer | Minimum: 0 Maximum: 604800 Default: "900" |
cli_max_auth_failures | Number of authentication failures that trigger CLI lockout | integer | Minimum: 0 Maximum: 10 Default: "5" |
digits | Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e.
N > 0, to set maximum credit for having digits in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
hash_algorithm | Hash algorithm Sets hash/cryptographic algorithm type for new passwords. |
string | Enum: sha512, sha256 Default: "sha512" |
lower_chars | Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e.
N > 0, to set maximum credit for having lower case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
max_repeats | Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
max_sequence | Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
maximum_password_length | Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters. |
integer | Minimum: 8 Maximum: 128 Default: "128" |
minimum_password_length | Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with VMware recommends to set strong passwords for systems and appliances, further
If any existing user passwords are set with length of less than newly configured
If existing By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed. |
integer | Minimum: 8 Maximum: 128 Default: "12" |
minimum_unique_chars | Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
password_remembrance | Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. |
integer | Minimum: 0 Default: "0" |
special_chars | Number of special characters in password Number of special characters (!@#$&*..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e.
N > 0, to set maximum credit for having special characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
upper_chars | Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e.
N > 0, to set maximum credit for having upper case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |