Source:Password Management
Overview
Password management is important for protecting sensitive data from unauthorized access and for maintaining the security and integrity of SEP sesam. It involves implementing policies that enforce password complexity and protection to ensure reliable authentication and prevent unauthorized access to or compromise of user accounts.
SEP sesam strengthens password security by providing configurable options for complexity requirements, password expiration settings, and automatic account locking after multiple failed login attempts. Enforcing strong password policies helps reduce the risks of compromise through brute-force attacks or credential theft.
For added security, SEP sesam also supports two-factor authentication, providing an additional layer of security and ensuring reliable verification of the user’s identity.
Key features
- Configurable password complexity requirements, including rules for minimum length, required character types (uppercase, lowercase, digits, special characters), and specification of allowed special characters, including spaces.
- Customizable password expiration dates to enforce periodic password changes and enhance security.
- Automatic user account locking after a specified number of consecutive failed login attempts to prevent unauthorized access.
- Password reset functionality with automatic generation of random passwords.
- Only administrators with superuser/admin privileges can configure password management rules and reset passwords for other users.
Configuring password requirements
SEP sesam offers advanced password management options that allow administrators to enforce password complexity requirements and customize security policies.
Password complexity requirements
SEP sesam allows administrators to define specific password complexity rules to enhance password strength and security. These requirements can be configured using the following global settings:
- Minimum and maximum password length: The settings gui.auth.pw.min_chars and gui.auth.pw.max_chars define the minimum and maximum length of a password. The default minimum length is 8 characters.
- Required character types: The following settings specify the required number of each character type to be included in passwords:
- gui.auth.pw.min_uppercase — uppercase letters
- gui.auth.pw.min_lowercase — lowercase letters
- gui.auth.pw.min_numbers — numbers
- gui.auth.pw.min_special_chars — special characters
- Allowed special characters: The setting gui.auth.pw.special_chars defines the list of special characters permitted in a password.
- Allowed spaces: The setting gui.auth.pw.allow_space determines whether spaces are allowed in passwords.
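As an added illustration (not SEP sesam code), the following Python sketch evaluates a candidate password against a policy expressed with the setting names listed above and reports which settings it violates. The policy values other than the documented minimum length of 8, the function name check_password, and the rule that a character outside every permitted class is rejected are assumptions.

```python
# Constructed sample policy keyed by the setting names from this page.
# Only the minimum length of 8 is a documented default; other values are assumed.
POLICY = {
    "gui.auth.pw.min_chars": 8,
    "gui.auth.pw.max_chars": 64,
    "gui.auth.pw.min_uppercase": 1,
    "gui.auth.pw.min_lowercase": 1,
    "gui.auth.pw.min_numbers": 1,
    "gui.auth.pw.min_special_chars": 1,
    "gui.auth.pw.special_chars": "!#$%&*+-_=?@",
    "gui.auth.pw.allow_space": False,
}


def check_password(password, policy=POLICY):
    """Return the setting names a candidate violates (empty list = compliant)."""
    allowed = set(policy["gui.auth.pw.special_chars"])
    counts = {"uppercase": 0, "lowercase": 0, "numbers": 0, "special_chars": 0}
    failed = []

    def fail(setting):
        if setting not in failed:
            failed.append(setting)

    for ch in password:
        if ch == " ":
            if not policy["gui.auth.pw.allow_space"]:
                fail("gui.auth.pw.allow_space")
        elif ch.isdigit():
            counts["numbers"] += 1
        elif ch.isupper():
            counts["uppercase"] += 1
        elif ch.islower():
            counts["lowercase"] += 1
        elif ch in allowed:
            counts["special_chars"] += 1
        else:
            # Assumption: a character outside every permitted class is rejected.
            fail("gui.auth.pw.special_chars")

    if len(password) < policy["gui.auth.pw.min_chars"]:
        fail("gui.auth.pw.min_chars")
    if len(password) > policy["gui.auth.pw.max_chars"]:
        fail("gui.auth.pw.max_chars")
    for kind, seen in counts.items():
        if seen < policy[f"gui.auth.pw.min_{kind}"]:
            fail(f"gui.auth.pw.min_{kind}")
    return failed
```

Returning the violated setting names rather than a single pass/fail value shows an administrator which rule to adjust or which requirement a user's candidate password missed.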
Account locking
To prevent automated, brute-force attacks and unauthorized access attempts, SEP sesam allows administrators to define the maximum number of consecutive failed login attempts before an account is locked. Once this limit is reached, the user account is automatically locked, and the user must contact the administrator to unlock the account and regain access.
The setting gui.auth.pw.max_failure_count specifies the allowed number of consecutive failed login attempts before locking the account. The default value is 5.
To unlock an account, in the GUI menu bar navigate to Configuration -> Permission Management. Select the user and uncheck the User Locked option.
Password expiration
To improve password security and enforce regular password changes, you can configure a specific password expiration date for individual users. Once the expiration date is reached, the user must change their password to continue using SEP sesam.
To set the password expiration date, in the GUI menu bar navigate to Configuration -> Permission Management. Select the user and enter the required date in the Expiration day of the password field. Click the downward arrow to open the calendar and select the date. If the field is left empty, the password will not expire.
Resetting the user password
To reset the password of another user, you must have superuser/admin privileges. In the process, SEP sesam generates a random password, which you send to the user. The user can use the generated password to log in and then change it to a new personal one. The password can be reset in the GUI or on the command line.
Resetting the password in the GUI
To reset the password for a user in the GUI, proceed as follows:
- In the menu bar, select Configuration -> Permission Management. The Permission Management window opens.
- Double-click the user whose password you want to reset, or select the user and click Change.
- In the Change User window, click Reset Password.
- Click Yes to confirm the action.
- Copy the generated password and send it to the user. Then click OK to apply the changes.
Resetting the password via the command line
To reset a user password, log in to the SEP sesam Server console and enter the following command:
sm_cmd reset user <ID or name>
The command resets the password and generates a new random password that can be sent to the user.
Example:
In this example, the user name is mustermann.
sm_cmd reset user mustermann
C:\Program Files\SEPsesam\bin\sesam>sm_cmd reset user mustermann
bouryper39
Changing your password
To change your own user password in the GUI, follow the procedure below:
- From the menu bar, select Configuration -> Change Password. The Change Password window opens.
- Enter your current password. Then enter your new password and repeat the new password to confirm the change.
- Click OK to apply the change.