Configuring Local Authentication Settings

This procedure describes how to configure the password and account security options for all locally-authenticated KeyControl-managed user accounts. Password requirements for externally-authenticated accounts is managed in your LDAP authentication server.

Log into the KeyControl Vault Management webGUI using an account with Security Admin privileges. In the top right, click the Switch to Appliance Management link.
In the top menu bar, click Settings.
In the General Settings section, click Authentication.
In the Type drop-down list, select Local (Password).

On the Basic tab, change the options as desired, then click Apply when finished.

Field	Description
Password Expiration	The maximum number of days that a password can be used before it expires. KeyControl also uses this value to calculate the default password expiration date when a new local KeyControl user is created. (Default: 60.) Once a password expires, the user is prompted to change their account password the next them they log into the webGUI.
Max Failed Logins	The number of failed login attempts allowed before the user account is locked. (Default: 5.) If the maximum number of logins is exceeded, the next time the user attempts to log in they receive a message informing them that the account is disabled and telling them to talk to a Security Administrator. The Security Administrator must then re-enable the account as described in Re-enabling a KeyControl-Managed User Account. Note: This option applies to all KeyControl-managed accounts, even ones that are authenticated using LDAP.
Minimum Previous Passwords	The number of unique new passwords that must be associated with a user account before an old password can be used. (Default: 5.)

Field

Description

Password Expiration

The maximum number of days that a password can be used before it expires. KeyControl also uses this value to calculate the default password expiration date when a new local KeyControl user is created. (Default: 60.)

Once a password expires, the user is prompted to change their account password the next them they log into the webGUI.

Max Failed Logins

The number of failed login attempts allowed before the user account is locked. (Default: 5.)

If the maximum number of logins is exceeded, the next time the user attempts to log in they receive a message informing them that the account is disabled and telling them to talk to a Security Administrator.

The Security Administrator must then re-enable the account as described in Re-enabling a KeyControl-Managed User Account.

Note: This option applies to all KeyControl-managed accounts, even ones that are authenticated using LDAP.

Minimum Previous Passwords

The number of unique new passwords that must be associated with a user account before an old password can be used. (Default: 5.)

On the Strength tab, click the desired value to change the setting, then click Save when finished. If you change one of these settings, KeyControl applies the new requirements to any new passwords created for a KeyControl account. It does not apply the requirements to any existing KeyControl account passwords.

Field	Description
Minimum Password Length	The minimum number of characters that must be in a password. (Default: 8.)
Minimum Uppercase Characters	The minimum number of characters that must be upper case. (Default: 1.)
Minimum Special Characters	The minimum number of characters that must be something other than a-z, A-Z,or 0-9. (Default: 1.)
Minimum Lowercase Characters	The minimum number of characters that must be lowercase. (Default: 1.)
Minimum Required Digits	The minimum number of characters that must be numeric. (Default: 1.)

When you are finished, click Close.