password-attributes expiry-alert-level

Configures the various alert levels for when an SLX-OS user account's password is set to expire.

Syntax

password-attributes expiry-alert-level { [ info number-of-days ] | [ minor number-of-days ] | [ major number-of-days ] | [ critical number-of-days ] }
[no] password-attributes expiry-alert-level { [ info number-of-days ] | [ minor number-of-days ] | [ major number-of-days ] | [ critical number-of-days ] }

Parameters

info number-of-days

The configuration for the first level of notification for password expiry. When configured, this is the earliest notification that is generated for password expiry. This alarm is generated once.

minor number-of-days

The configuration for the second level of notification for password expiry. This alarm is generated once.

major number-of-days

The configuration for the third level of notification for password expiry. This is the penultimate level notification for password expiry. This alarm is generated once.

critical number-of-days

The configuration for the final level of notification for password expiry. This alarm is generated once.

Command Default

There are no default configurations for these alert levels.

Modes

Global Configuration Mode

Usage Guidelines

Password expiry alerts are generated only if the max-password-age value is configured first.

This configuration is common for all user accounts.

Allowed range is 1-90 days.

On the day the password expires, an ERROR RASLOG is generated with the message "Event: user password expiring, Password of user account <user-account-name> is expiring today."

The number of alert days must be configured in the decreasing order of days as follows:

info > minor > major > critical

When the alert levels are not configured in the above order, the command fails with the error message "%Error: Number of days for expiry-alert-level must be in the order of info > minor > major > critical".

Appropriate RASLOGs will be generated once for each configured alarm level.

Not all alert types need to be configured. A user can choose to configure one or more of these alerts, or none. However, when no alerts are configured, only one RASLOG of the type ERROR with the message "Event: user password expiring, Password of user account <user-account-name> is expiring today." is generated on the day the password will expire.

When the number of days configured for a specific alert level is reached, one alert is generated. The alert is not repeated.

The no form of this command removes the configuration. It will turn off the alert for the provided alert level(s) or all the alert levels when no parameter is provided.

Examples

The following example configures all the password expiry alarm levels.

SLX # configure terminal
SLX (config)# password-attributes expiry-alert-level info 30 minor 20 major 10 critical 2
SLX (config)#
SLX (config)# do show running-config password-attributes
password-attributes min-length 9 
password-attributes max-logins 2 
password-attributes max-retry 2 
password-attributes max-lockout-duration 1 
password-attributes history 1 
password-attributes repeat 2 
password-attributes sequence 2 
password-attributes force-default-password-change 
password-attributes max-password-age 10 
password-attributes character-restriction upper 1 
password-attributes character-restriction lower 1
password-attributes character-restriction numeric 1 
password-attributes character-restriction special-char 1 
password-attributes admin-lockout 
password-attributes login-notify-duration 1 
password-attributes expiry-alert-level info 30 minor 20 major 10 critical 2
SLX (config)# 

The following example changes the info alarm's number of days to 25 days.

SLX# configure terminal
SLX (config)# password-attributes expiry-alert-level info 25
SLX (config)#
SLX (config)# do show running-config password-attributes
password-attributes min-length 9 
password-attributes max-logins 2 
password-attributes max-retry 2 
password-attributes max-lockout-duration 1 
password-attributes history 1 
password-attributes repeat 2 
password-attributes sequence 2 
password-attributes force-default-password-change 
password-attributes max-password-age 10 
password-attributes character-restriction upper 1 
password-attributes character-restriction lower 1
password-attributes character-restriction numeric 1 
password-attributes character-restriction special-char 1 
password-attributes admin-lockout 
password-attributes login-notify-duration 1 
password-attributes expiry-alert-level info 25 minor 20 major 10 critical 2
SLX (config)# 

The following example removes the configuration for password expiry alert of the level info.

SLX# configure terminal
SLX (config)# no password-attributes expiry-alert-level info 
SLX (config)#
SLX (config)# do show running-config password-attributes
password-attributes min-length 9 
password-attributes max-logins 2 
password-attributes max-retry 2 
password-attributes max-lockout-duration 1 
password-attributes history 1 
password-attributes repeat 2 
password-attributes sequence 2 
password-attributes force-default-password-change 
password-attributes max-password-age 10 
password-attributes character-restriction upper 1 
password-attributes character-restriction lower 1
password-attributes character-restriction numeric 1 
password-attributes character-restriction special-char 1 
password-attributes admin-lockout 
password-attributes login-notify-duration 1 
password-attributes expiry-alert-level minor 20 major 10 critical 2 
SLX (config)#
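
The following is an added example, not part of the SLX-OS documentation: a Python audit that checks show running-config password-attributes output against the usage guidelines above (max-password-age prerequisite, 1-90 day range, info > minor > major > critical). The function names and sample inputs are constructed for illustration, and the script assumes the ordering rule applies pairwise among whichever levels are configured.

```python
import re

LEVELS = ("info", "minor", "major", "critical")  # documented order, earliest alert first
ORDER_RULE = "info > minor > major > critical"

def parse_password_attributes(running_config: str) -> dict:
    """Extract max-password-age and expiry-alert-level values from
    'show running-config password-attributes' output."""
    result = {"max_password_age": None, "alerts": {}}
    for line in running_config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"password-attributes max-password-age (\d+)", line)
        if m:
            result["max_password_age"] = int(m.group(1))
        elif line.startswith("password-attributes expiry-alert-level "):
            for level, days in re.findall(r"\b(info|minor|major|critical) (\d+)", line):
                result["alerts"][level] = int(days)
    return result

def audit_expiry_alerts(running_config: str) -> list:
    """Return a list of findings against the usage guidelines (empty if none)."""
    cfg = parse_password_attributes(running_config)
    alerts, findings = cfg["alerts"], []
    if not alerts:
        findings.append("no expiry-alert-level configured: only the day-of-expiry ERROR RASLOG is generated")
    elif cfg["max_password_age"] is None:
        findings.append("max-password-age not configured: no expiry alerts are generated")
    for level, days in alerts.items():
        if not 1 <= days <= 90:
            findings.append(f"{level} {days} is outside the allowed range 1-90")
    # Assumption: the order is checked between adjacent configured levels only.
    configured = [(lvl, alerts[lvl]) for lvl in LEVELS if lvl in alerts]
    for (hi, hi_days), (lo, lo_days) in zip(configured, configured[1:]):
        if hi_days <= lo_days:
            findings.append(f"{hi} {hi_days} must be greater than {lo} {lo_days} ({ORDER_RULE})")
    return findings

# Constructed sample inputs; SAMPLE_OK mirrors the relevant lines of the last example.
SAMPLE_OK = """password-attributes max-password-age 10
password-attributes expiry-alert-level minor 20 major 10 critical 2"""
SAMPLE_BAD = "password-attributes expiry-alert-level info 10 minor 20 critical 95"

if __name__ == "__main__":
    for name, sample in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name, audit_expiry_alerts(sample))
```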