Note: This section applies to the Cleo Harmony and Cleo VLTrader applications
only.
You can define a
Password Policy that enforces password security requirements for any or all Local
User mailboxes. To enforce a global password policy, go to tab in the native UI or in the web UI, and then select the Enforce Password
Policy check box in the Property/Value list. This allows you to enable,
disable, or override password policies for a particular local user host (FTP, HTTP, and SSH
FTP) or Users host so that all underlying mailboxes operate with separate security
restrictions.
To configure the password policy, after selecting the Enforce Password
Policy check box, click Configure to display the
Password Policy dialog box. Set values as required and click
OK.
The default Password Policy settings are:
- Minimum Password Length enforces the minimum number of
characters a password must contain. (The length can range from 1-16 characters)
- Password Cannot Contain User Name enforces that the user name
(that is, the mailbox alias) cannot be part of the password specified in upper, lower,
or mixed case.
- Require Mixed Case enforces the minimum number of upper and
lowercase characters that a password must contain.
- Require Numeric Characters enforces the minimum number of
numeric characters a password must contain (digits 0-9).
- Require Special Characters enforces the minimum number of
special characters a password must contain (for example
@$%^&*!).
- Prevent Password Repetition requires that a different password
be used until the Number of Passwords Before Repeats Allowed
value has been exceeded.
- When the Enable Password Expiration setting is selected, user
passwords will expire after the specified number of days. The commonly used number of
days is included in the drop-down list; however, a valid custom value can be entered
instead.
- When the Require password reset before first use setting is
selected, the user is required to update their password before being able to fully log
in if a new mailbox is created under the host or the user's password is changed from the
administrator console. There are provisions through FTP, interactive SFTP, and Portal to
allow the password to be updated. This setting only applies to native users.
- If Lock out user is enabled, a user who fails to enter the
correct password after failed logon attempts times within the
specified number of seconds is locked out of the mailbox for the
specified number of minutes. If the minutes are not specified
(that is, the field is left blank), the user is locked out until the user’s mailbox is
unlocked manually by the Cleo VLTrader or Cleo Harmony user. Refer to
the specific local user mailbox (FTP, HTTP, and SSH FTP) for further information.
Note: All configured security settings except Enable Password
Expiration and Lock out user are enforced at the time
the user changes their password.