In the Password management tab you manage the passwords of all defined local accounts.
The passwords of LDAP accounts are only managed on the LDAP server.
The passwords of the local accounts have the attributes Validity time, Warning time, Minimum time, and Inactivity time:
During the Validity time, which applies from the last time the password was set, it is possible to log in without restriction.
During the Minimum time which is defined by the administrator, a BS2000 administrator, operator, AU administrator or add-on administrator cannot change their own password.
During the Warning time, a warning is issued that the password will soon no longer be valid. However, it is possible to log in without restrictions.
During the Inactivity time, the password is no longer valid, but it is still possible to log in. Directly after a user has logged in, a request to change the password is issued.
After the Inactivity time has elapsed, the account is locked. It can be opened again from an(other) administration account or, if necessary, by Customer Support.
The value -1 for the Inactivity time results in the inactivity time not elapsing.
The value 99999 for the Validity time means, in practice, that you need not change the password.
The figure below shows the relationship between these times.
When the SE server is supplied, the following values are predefined for the Validity time, Warning time, Minimum time, and Inactivity time for the standard account admin:
Account | Minimum | Validity | Warning | Inactivity | Comment |
admin | 0 | 60 | 7 | -1 | The account is never locked, it is always possible to log in with the old password. The value -1 for the inactivity time means that it never expires. |
When you create another local account using the SE Manager, the passwords you specify are initially assigned the following attributes:
Account | Minimum | Validity | Warning | Inactivity |
<name> | 7 | 60 | 7 | 7 |
The minimum time is not relevant for an administrator account and the value 0 is therefore displayed for it.
As administrator you can disable an account in the password management. You can only log in under this account again if you activate the account.
You can also force a change of password. When you force a change of password for an account which is locked by the system, you permit a one-off login using the previous password.
Displaying password attributes
> | In the tree structure select Authorizations The Password management tab displays the defined local accounts with their password attributes. |
Changing passwords or password attributes
For a BS2000 administrator, operator, AU administrator or add-on administrator the functionality is restricted to their own account: They can change their own password if it has not yet expired and the minimum time between two changes has been reached.
Only an administrator can change password attributes.
> | Click the Change icon for the required account and change the properties as required. In configurations with multiple MUs, the password attributes of the account are changed on all MUs. |