Configure Password Security Settings Using the SSO Configuration Tool

The password security settings are the settings that control how the password that
NetOps Portal
uses functions and works. You
configure
these settings using the Single Sign-On Configuration tool.
You can
change
the password using
NetOps Portal
or the
NetOps Portal
REST web service.
For more information:
Follow these steps:
  1. Open a terminal session on the
    NetOps Portal
    host (as root or with the
    sudo
    command).
  2. Launch the Single Sign-On Configuration tool by running the
    ./SsoConfig
    command in the following directory:
    <installation_directory>
    /PerformanceCenter
    /opt/CA
    is the default installation directory.
    You are prompted to select an option. The available options correspond to the data sources running on the local server.
    Use the following commands as needed while you are selecting settings:
    • q
      (quit)
    • b
      (go back to the previous menu)
    • u
      (update)
    • r
      (reset)
  3. Enter
    1
    to configure
    NetOps Portal
    (CAPC) security settings.
    You are prompted to select a configuration option.
  4. Enter
    8
    to configure
    NetOps Portal
    (DX NetOps) local password authentication settings.
    You are prompted to specify the priority.
    The
    Priority
    parameter only applies to
    NetOps Portal
    .
  5. Enter
    one
    of the following options:
    • 1. Enforce password requirements:
      Specify whether to enforce the password requirements.
      Default:
      Enabled
    • 2. Allow REST to create users with usernames and passwords that match:
      Specify that you can programatically create users and passwords that match.
      Default:
      Enabled
      Recommended:
      105
    • 3. Minimum password length:
      Specify the minimum password length in characters.
      Length:
      8-32
      Default:
      8
      Recommended:
      105
    • 4. Password lifespan:
      Specify the number of days after which passwords expire.
      Values:
      0-712 days (Specify 0 to disable password expiration and to specify passwords to never expire.)
      Default:
      105 days
      Recommended:
      105
    • 5. Disable password expiration for a specific user:
      Specify the user account (username) for the user requiring that their password
      not
      expire.
    • 6. Enable password expiration for a specific user:
      Specify the user account (username) for the user requiring that their password expire.
    • 7. Expire password for a specific user:
      Specify the user account (username) for the user requiring a password change. When
      NetOps Portal
      prompts the user for their password, and they enter it,
      NetOps Portal
      then prompts the user to change their password.
    • 8. Expire all passwords immediately:
      Specify to expire password for all user accounts.
    • 9. Failed login attempts before blocking
      Specify the number of failed login attempts before a user is blocked (disabled).
      Values:
      2-9
      Default:
      6
    • 10. Timeframe for failed login attempts
      Specify the time frame that the failed login attempts must occur before a user is blocked (disabled).
      Values:
      1-10
      Default:
      3
    • 11. Disable user after failed login attempts
      Specify whether multiple failed login attempts within a time frame disables user accounts.
      Default:
      Enabled
    • 12. Number of minutes to block IP address after failed login attempts
      Specify the number of minutes after failed login attempts that an IP address for user accounts is blocked.
      This functionality is
      not
      an intrusion detection system.
      Values:
      0-1440
      Default:
      0  (The IP addresses for user accounts are not blocked after failed login attempts.)
  6. Enter
    b
    and
    b
    again to go back to the first set of options.
  7. Enter
    q
    .
The basic security settings are configured.