AuthenticationPolicyProperties (schema)

Configuration of authentication and password policies for the NSX node

Name Description Type Notes

_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST. array of ResourceLink Readonly

_retry_prompt Prompt user at most N times before returning with error. integer Readonly
Default: "3"

_schema Schema for this resource string Readonly

_self Link to this resource SelfResourceLink Readonly

api_failed_auth_lockout_period Lockout period in seconds

Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types. integer Minimum: 0
Default: "900"

api_failed_auth_reset_period Period, in seconds, for authentication failures to trigger lockout

In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types. integer Minimum: 0
Default: "900"

api_max_auth_failures Number of authentication failures that trigger API lockout

Only applies to NSX Manager nodes. Ignored on other node types. integer Minimum: 0
Default: "5"

cli_failed_auth_lockout_period Lockout period in seconds

Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. integer Minimum: 0
Default: "900"

cli_max_auth_failures Number of authentication failures that trigger CLI lockout integer Minimum: 0
Default: "5"

digits Number of digits in password

Number of digits (0..9) expected in user password.

N < 0, to set minimum credit for having digits in the new password, i.e.
this is the minimum number of digits that must be met for a new password.

N > 0, to set maximum credit for having digits in the new password, i.e.
per occurrence of digit in password will attribute additional credit of +1 towards
meeting the current minimum_password_length value upto N digits.

N = 0, policy will be not applicable.

By default minimum 1 digit is required for a new password.
integer Minimum: -128
Maximum: 128
Default: "-1"

hash_algorithm Hash algorithm

Sets hash/cryptographic algorithm type for new passwords. string Enum: sha512, sha256
Default: "sha512"

lower_chars Number of lower-case characters in password

Number of lower case characters (a..z) expected in user password.

N < 0, to set minimum credit for having lower case characters in the new password, i.e.
this is the minimum number of lower case characters that must be met for a new
password.

N > 0, to set maximum credit for having lower case characters in the new password, i.e.
per occurrence of lower case character in password will attribute additional credit of +1 towards
meeting the current minimum_password_length value upto N lower case characters.

N = 0, policy will be not applicable.

By default minimum 1 lower case character is required for a new password.
integer Minimum: -128
Maximum: 128
Default: "-1"

max_repeats Number of same consecutive characters

Reject passwords which contain more than N same consecutive characters, like aaa or 7777.
To disable the check, value should be set to 0.
integer Minimum: 0
Maximum: 128
Default: "0"

max_sequence Length of permissible monotonic sequence in password substring

Reject passwords which contain more than N monotonic character sequences.
Monotonic sequences can be '12345' or 'fedcb'.
To disable the check, value should be set to 0.
integer Minimum: 0
Maximum: 128
Default: "0"

maximum_password_length Maximum password length

Maximum number of characters allowed in password;
user can not set their password of length greater than this parameter.
By default maximum length of password is 128 characters.
integer Minimum: 8
Maximum: 128
Default: "128"

minimum_password_length Minimum password length

Minimum number of characters expected in password;
user can not set their password of length less than this parameter.

NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above -

if existing appliance is configured with minimum_password_length
less than current default value, then upgraded appliance will reset the configured
setting back to recommended default; which can be explicitly modified back to
original value or any other integer greater than or equal to supported minimum value.

VMware recommends to set strong passwords for systems and appliances, further
suggests to maintain strong minimum_password_length value. NSX resets this
value to default and recommends to maintain upgraded default value or above
for password complexity requirement.

If any existing user passwords are set with length of less than newly configured
minimum_password_length, then its recommended to reset the user passwords
as per newly configured password complexity compliance.

If existing minimum_password_length is greater than or equal to
default value, which shall be retained as it is in newly upgraded appliance.

By default minimum length of password is 12 characters and passwords less than 8 characters
are never allowed.
integer Minimum: 8
Maximum: 128
Default: "12"

minimum_unique_chars Number of unique characters from old password

Number of character changes in the new password that differentiate it from the old password.
To disable the check, value should be set to 0.
integer Minimum: 0
Maximum: 128
Default: "0"

password_remembrance Password remembrance from previous generations

Limit using a password that was used in past; users can not set the same password
within the N generations. To disable the check, value should be set to 0.
integer Minimum: 0
Default: "0"

special_chars Number of special characters in password

Number of special characters (!@#$&*..) expected in user password.

N < 0, to set minimum credit for having special characters in the new password, i.e.
this is the minimum number of special characters that must be met for a new password.

N > 0, to set maximum credit for having special characters in the new password, i.e.
per occurrence of special case character in password will attribute additional credit of +1 towards
meeting the current minimum_password_length value upto N special case characters.

N = 0, policy will be not applicable.

By default minimum 1 special character is required for a new password.
integer Minimum: -128
Maximum: 128
Default: "-1"

upper_chars Number of upper-case characters in password

Number of upper case characters (A..Z) expected in user password.

N < 0, to set minimum credit for having upper case characters in the new password, i.e.
this is the minimum number of lower case characters that must be met for a new
password.

N > 0, to set maximum credit for having upper case characters in the new password, i.e.
per occurrence of upper case character in password will attribute additional credit of +1 towards
meeting the current minimum_password_length value upto N upper case characters.

N = 0, policy will be not applicable.

By default minimum 1 upper case character is required for a new password.
integer Minimum: -128
Maximum: 128
Default: "-1"

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_retry_prompt	Prompt user at most N times before returning with error.	integer	Readonly Default: "3"
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
api_failed_auth_lockout_period	Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types.	integer	Minimum: 0 Default: "900"
api_failed_auth_reset_period	Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types.	integer	Minimum: 0 Default: "900"
api_max_auth_failures	Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types.	integer	Minimum: 0 Default: "5"
cli_failed_auth_lockout_period	Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.	integer	Minimum: 0 Default: "900"
cli_max_auth_failures	Number of authentication failures that trigger CLI lockout	integer	Minimum: 0 Default: "5"
digits	Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N digits. N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
hash_algorithm	Hash algorithm Sets hash/cryptographic algorithm type for new passwords.	string	Enum: sha512, sha256 Default: "sha512"
lower_chars	Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having lower case characters in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N lower case characters. N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
max_repeats	Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
max_sequence	Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
maximum_password_length	Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters.	integer	Minimum: 8 Maximum: 128 Default: "128"
minimum_password_length	Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with `minimum_password_length` less than current default value, then upgraded appliance will reset the configured setting back to recommended default; which can be explicitly modified back to original value or any other integer greater than or equal to supported minimum value. VMware recommends to set strong passwords for systems and appliances, further suggests to maintain strong `minimum_password_length` value. NSX resets this value to default and recommends to maintain upgraded default value or above for password complexity requirement. If any existing user passwords are set with length of less than newly configured `minimum_password_length`, then its recommended to reset the user passwords as per newly configured password complexity compliance. If existing `minimum_password_length` is greater than or equal to default value, which shall be retained as it is in newly upgraded appliance. By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed.	integer	Minimum: 8 Maximum: 128 Default: "12"
minimum_unique_chars	Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
password_remembrance	Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0.	integer	Minimum: 0 Default: "0"
special_chars	Number of special characters in password Number of special characters (!@#$&..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password. N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length* value upto N special case characters. N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
upper_chars	Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N upper case characters. N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"