![]() |
The PAM Password Manager allows you to define:
rules that require users to change their passwords periodically. The settings on this page affect the settings in the /etc/login.defs file and are used by the Add Login and Modify Login pages.
![]() | Note |
Changes to the global password settings will only affect new users. Existing users will not be affected. |
how AE Services Management Console administrative accounts are authenticated and controlled.
If you authenticate users to an external LDAP server, select the External LDAP check box.
If you do not authenticate users to an external LDAP server, accept the default. By default, this option is disabled (that is, a check mark does not appear in the External LDAP check box). When this option is disabled, AE Services authenticates OAM administrative users to the local Linux password store on the AE Services server.
If you want to allow the Avaya Logins access to the server (Recommended), select the Enable EASG user access checkbox. This option also allow the ability to specify which of the Avaya Logins may or may not be granted access.
![]() | Note |
By enabling Avaya Logins you are granting Avaya access to your system. This is necessary to maximize the performance and value of your Avaya support entitlements, allowing Avaya to resolve product issues in a timely manner. In addition to enabling the Avaya Logins, this product should be registered with Avaya and technically onboarded for remote connectivity and alarming. Please see the Avaya support site (support.avaya.com/registration) for additional information for registering products and establishing remote access and alarming. |
If you want to block the Avaya Logins access to the server, select the Enable EASG user access checkbox.
![]() | Note |
By disabling Avaya Logins you are preventing Avaya access to your system. This is not recommended, as it impacts Avaya’s ability to provide support for the product. Unless the customer is well versed in managing the product themselves, Avaya Logins should not be disabled. |
Enforce Password Limits check box indicates whether password limits are in effect for the user. This setting is enabled by default (the check box is selected), which, in turn, enables the following settings.
Number of times user is prompted for a new password (retry). The default is 3.
Number of characters in new password that must be different from old password (difok). The default is 2.
Minimum length of a new password (minlen). The default is 8.
Minimum credit in meeting required password length for digits in a password (dcredit). The default is 1.
Minimum credit in meeting required password length for upper case characters in a password (ucredit). The default is 1.
Minimum credit in meeting required password length for lower case characters in a password (lcredit). The default is 1.
Minimum credit in a meeting required password length for other characters in a password (ocredit). The default is 1.
Number of previous passwords that cannot be reused. The default is 5.
Maximum number of same consecutive characters in a password. The default is 3.
The algorithm used to encrypt the Linux password. The choices are sha256 and sha512.
Enable account lockout with the following parameters check box. This check box is enabled by default, which, in turn, enables the following settings.
Lock out login after unsuccessful attempts to login (deny). The default is 3 attempts.
Lock account for seconds (lock_time). The default is 60 seconds.