<< Click to Display Table of Contents >>
Security Tab |
This tab allows managing several properties related to the security of users of a Domain. To open this item, right-click the E3 Admin icon on Windows Notification Area, select the Domain - Options option to open the window on the next figure, and then click the Security tab.
Security tab
The Security group contains the options described on the next table.
Available options on the Security group
Option |
Description |
---|---|
Disallow password change |
Prevents users from changing their password at run time |
Allow changing expired password |
Allows users to immediately change their expired password |
Alphanumeric password |
Determines that a password must contain letters and numbers |
Uppercase and lowercase characters |
Determines that a password must contain uppercase and lowercase letters |
Ignore case in passwords |
Indicates that password validation is performed without considering uppercase and lowercase letters. Enabling this option is not recommended |
Username and password must differ |
Determines that a user's name and password must not be the same. This option does not differentiate uppercase and lowercase letters |
Minimum password length |
Indicates whether a password must contain a minimum character length. If this option is enabled, configure in the Minimum characters item a minimum number of characters for a password |
Password expiration |
Indicates whether a user's password has an expiration time. Before reaching this time, a dialog box is displayed informing how many days are left for expiration and offering a possibility of changing that password. After that period of time, the password expires and must be changed. Defining this value as 0 (zero) allows a user's password to expire at the end of the current day. NOTE: If this option is enabled, configure in the Days to expire item a time period for this password to expire and, if the configured value is equal to 0 (zero), it is advisable to disable the Minimum password age option |
Minimum password age |
Indicates whether there is a minimum time in days for using a user's password before changing it. The value of the Minimum age in days item must be between 1 (one) and 730. Defining this value as 0 (zero) allows a user to change their password immediately. NOTE: If the Password expiration option is configured, the value of this option cannot exceed the value configured in the Days to expire item |
Minimum numeric characters in password |
Indicates whether a password must have a minimum number of numeric characters. If this option is enabled, configure in the Minimum numeric characters item a minimum number of numeric characters for a password |
Minimum letters in password |
Indicates whether a password must have a minimum number of letters. If this option is enabled, configure in the Minimum letters item a minimum number of letters for a password |
Minimum special characters in password |
Indicates whether a password must have a minimum number of special characters. If this option is enabled, configure in the Minimum special characters item a minimum number of special characters for a password |
Password history |
Indicates whether the last passwords of a user are stored and cannot be used. If this option is enabled, configure in the Number of passwords item how many passwords must be stored. After reaching the value indicated in this item, the oldest password is discarded and can be used again |
Automatic user blocking |
Determines the maximum number of failed login attempts to block an account. If this option is enabled, configure in the Login attempts item the maximum number of attempts |
Automatic user account unblocking |
Unblocks an account after a certain number of minutes. If this option is enabled, configure in the Time for unblocking in minutes item a time to unblock an account |
Password expiration warning |
Determines a date to start sending daily messages about the expiration date of a password. After that date, if the password is not changed, users are blocked and only an administrator can unblock them. If this option is enabled, configure in the Period before expiration in days item a date to start sending messages |
A user's account can be blocked under the following conditions:
•If a password expires (this expiration time can be a global, a group, or a user attribute)
•If users type a wrong password a certain number of times in a row, that is, login failures
Once blocked, an account does not allow login operations. This condition remains until and administrator unblocks its password manually, or else its blocking time-out expires.
The Permissions group contains the option described on the next table.
Available option on the Permissions group
Option |
Description |
Disables any permission check. This option must be used carefully, because it implies the following behaviors: a login always works, even when a password is wrong or when using a non-existent user name, and actions are always allowed, even for anonymous users. NOTE: Enabling this option directly affects the behavior of default permissions of users, that is, even if a user has a default permission denied, this denial is not applied to a Domain with this option enabled |
NOTE |
The options on the Security tab do not apply to Windows users, only to users of an Elipse E3 Domain. |