Polycom RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide
15-12 Polycom, Inc.
Defining Password Change Frequency
The frequency with which a user can change a password is determined by the value of the
MIN_PWD_CHANGE_FREQUENCY_IN_DAYS System Flag. The value of the flag is the
number of days that users must retain a password.
• Possible retention period is between 0 and 7 days. In Ultra Secure Mode the retention
period is between 1 (default) and 7.
•If the System Flag is set to 0, users do not have to change their passwords. The System
Flag cannot be set to 0 when the RMX is in Ultra Secure Mode.
• If a user attempts to change a password within the time period specified by this flag, an
error, Password change is not allowed before defined min time has passed, is displayed.
An administrator can assign a new password to a user at any time.
Forcing Password Change
When the system is in Ultra Secure Mode the user is forced to change his/her password as
follows:
• After modifying the value of the ULTRA_SECURE_MODE System Flag to YES, all
RMX users are forced to change their Login passwords.
• When an administrator creates a new user, the user is forced to change his/her
password on first Login.
• If an administrator changes a users User ID name, that user is forced to change his/her
password on his/her next Login.
• If a user logs in using his/her old or default password, the Login attempt will fail. An
error, User must change password, is displayed.
• Changes made by the administrator to any of the Strong Password enforcement System
Flags render users’ passwords invalid.
Example: A user is logged in with a fifteen character password. The administrator changes
the value of the MIN_PASSWORD_LENGTH System Flag to 20.
The next time the user tries to log in, he/she is forced to change his/her password to meet
the updated Strong Password requirements.
Temporary User Lockout
When the ULTRA_SECURE_MODE System Flag is set to YES, Temporary User Lockout is
implemented as a defense against Denial of Service Attacks or Brutal Attacks. Such attacks
usually take the form of automated rapid Login attempts with the aim of gaining access to or
rendering the target system (any network entity) unable to respond to users.
If a user tries to log in to the system and the Login is unsuccessful, the user’s next Login
attempt only receives a response from the RMX after 4 seconds.
User Lockout
User Lockout can be enabled to lock a user out of the system after three consecutive Login
failures with same User Name. The user is disabled and only the administrator can enable the
user within the system. User Lockout is enabled when the USER_LOCKOUT System Flag is
set to YES.
If the user tries to login while the account is locked, an error message, Account is disabled, is
displayed.
User Lockout is an Audit Event.