Authentication type
Select the default authentication method for users when connecting to the cluster. There are four options available:
|
• |
UserID/Password: Uses a user ID and password that you define in HAM. This option allows you to set the remaining parameters of the security
settings related to password complexity and features in this window.
|
|
• |
RSA SecurID: Users RSA SecurID tokens. If you select this option, you must have the RSA Ace Agent installed and properly configured on
the servers. Selecting this option disables all of the other parts of the window (except the Group IP address validation section) as the settings cannot be used in conjunction with RSA SecurID. For this authentication method to work, you must
select the same option during the installation of the server software.
|
|
• |
Windows Domain: Uses the currently active Windows domain account of the user (the account the user is currently logged on with to the Windows
domain). This option covers both the Windows domain and the Active Directory Service. This option also disables parts of the
window (except the Group IP address validation section) as the settings cannot be used in conjunction with the Windows Domain authentication method.
|
|
• |
Novell iChain: Uses the currently active Novell iChain account (the account the user is currently logged on with to the Novell iChain server
and Novell eDirectory server in the back end). This option disables some parts of the window (except the Group IP address validation section) as they cannot be used in conjunction with the Novell iChain method.
|
User cannot change password
Disables the Change password button on the client's ActiveX control toolbar preventing users from changing their passwords.
Password must contain a digit
Enhances password complexity.
User must change password on first sign on
Forces users to replace the passwords assigned to them by the administrator and define their own new passwords the first time
they connect to the cluster.
Minimum password length
Defines a minimum acceptable length policy for user passwords. If the field is set to zero, passwords of any length will be
acceptable, including an empty password.
Password never expires
Clear the check box to force users to change their passwords at regular intervals.
|
• |
Expiry period: Defines how often users must change their password. |
|
• |
Warning period: Defines the number of days before the end of the Expiry period that HAM sends the user a warning notification to change their password. The notification stops when the user changes the
password. If the user does not change the password by the end of the expiry period, they cannot sign on until they change
it. |
Enable grace login policy
Defines a policy to block users who attempt to sign on with the wrong password.
|
• |
Number of attempts: Defines the number of times the user can enter a wrong password before the account is locked. |
|
• |
Reset interval time: Defines the time (in minutes) after which the system automatically unlocks a locked account. |
Group IP address validation
Defines IP address filters or access lists for the users. HAM allows you to define up to four subnets. HAM accepts connections
only from users having IP addresses belonging to the defined subnets. For example, if you define 10.1.1 and 10.1.2 then HAM
only gives access to users with IP addresses in the ranges 10.1.1.0 to 10.1.1.255 and 10.1.2.0 to 10.1.2.255.