Manage Authentication Requirements

By default, user passwords must meet the following requirements:
capm370
By default, user passwords must meet the following requirements:
  • Be different from the username
  • Minimum length of 8 characters
  • Maximum length of 30 characters
  • Contain at least 3 of the following types of characters:
    • Special characters
    • Uppercase letters (A-Z)
    • Lowercase letters (a-z)
    • Numbers (0-9)
For more information, see Customize Your User Settings.
By default, non-LDAP passwords expire after 105 days. When passwords expire, access to REST and the OpenAPI is blocked. The next time users log in, they must change their passwords.
You can enable a setting that disables users after multiple failed login attempts within a timeframe. By default, 6 failed login attempts within 3 minutes disable the user. In addition to disabling the user, you can also block the IP address of the user for a specified amount of time. This functionality is
not
an intrusion detection system.
Configure Authentication Settings
If desired, you can change authentication requirements using the Single Sign-On Configuration/
CA Performance Center
Tool.
Follow these steps:
  1. Log in to the
    CA Performance Center
    host.
  2. Navigate to the
    CA Performance Center
    directory:
    cd
    PC_Install_Directory
    /PerformanceCenter
  3. Launch the SSO Configuration utility:
    ./SsoConfig
  4. Select CA
    CA Performance Center
    .
  5. Select and run option 8:
    CA Performance Center
    Local Password Authentication.
  6. Complete the following prompts:
    • 1. Enforce password requirements
      Specify whether to enforce the password requirements.
      Default:
      Enabled
    • 2. Allow REST to create users with usernames and passwords that match
      Specify whether to allow the REST web services to create users with usernames and passwords that match. If disabled, users are created with randomized passwords.
      Default:
      Enabled
    • 3. Minimum password length
      Specify the minimum password length.
      Default:
      8
    • 4. Password lifespan
      Specify when passwords expire. To disable password expiration, specify 0. If disabled, passwords never expire.
      Default:
      105 days
    • 5. Disable password expiration for a specific user
      Specify the user to disable password expiration for. The password for the specified user never expires.
    • 6. Enable password expiration for a specific user
      Specify the user to enable password expiration for. The password lifespan is applied.
    • 7. Expire password for a specific user
      Specify the user to expire the password for. The specified user must change their password the next time they log in.
    • 8. Expire the password for all users
      Confirm whether to expire the passwords for all users. If yes, all users must change their passwords the next time they log in.
    • 9. Failed login attempts before blocking
      Specify the number of failed login attempts before blocking the user.
      Default:
      6
    • 10. Timeframe for failed login attempts
      Specify the timeframe that the failed login attempts must occur before blocking the user.
      Default:
      3 minutes
    • 11. Disable user after failed login attempts
      Specify whether multiple failed login attempts within a timeframe disable the user.
      Default:
      Disabled
    • 12. Number of minutes to block IP address after failed login attempts
      Specify the number of minutes to block an IP address after multiple failed login attempts within a timeframe.
      Default:
      0
  7. Enter q to close the Single Sign-On Configuration Tool.
    The Single Sign-On Configuration Tool closes.
Enable a Disabled User
If a user is disabled after multiple failed login attempts, you can enable them using the Single Sign-On Configuration/
CA Performance Center
Tool.
You can also manage user account status in the
CA Performance Center
administration UI. For more information, see Manage User Accounts.
Follow these steps:
  1. Log in to the
    CA Performance Center
    host.
  2. Navigate to the
    CA Performance Center
    directory:
    cd
    PC_Install_Directory
    /PerformanceCenter
  3. Launch the SSO Configuration utility:
    ./SsoConfig
  4. Select CA
    CA Performance Center
    .
  5. Select and run option 9: Enable or Disable a user account.
  6. Complete the prompts.
  7. Enter q to close the Single Sign-On Configuration Tool.
    The Single Sign-On Configuration Tool closes.