管理员可以选择使用户凭据在可配置的天数后过期。凭据过期后,所有 API 调用都会出错。目前仅支持 API 或用户帐户,以允许用户更改密码。如果用户已配置一个电子邮件地址,也可以按照忘记密码工作流重置密码。
管理员可通过 NSX Advanced Load Balancer CLI 或 REST API 控制此功能。其设置是在 UserAccountProfile 对象中维护的。默认情况下,系统中的所有用户都连接到 Default-User-Account-Profile ,如以下示例中所示。如果需要,管理员可以创建具有不同阈值的新用户帐户配置文件。
+-------------------------------+---------------------------------------------------------+ | Field | Value | +-------------------------------+---------------------------------------------------------+ | uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 | | name | Default-User-Account-Profile | | max_password_history_count | 0 | | max_login_failure_count | 20 | | account_lock_timeout | 30 | | max_concurrent_sessions | 0 | | credentials_timeout_threshold | 0 | +-------------------------------+---------------------------------------------------------+ CLI commands to set credentials_timeout_threshold: [admin:10-10-24-52]: > configure useraccountprofile Default-User-Account-Profile Updating an existing object. Currently, the object is: [admin:10-10-24-52]: useraccountprofile> credentials_timeout_threshold 60 Overwriting the previously entered value for credentials_timeout_threshold [admin:10-10-24-52]: useraccountprofile> save +-------------------------------+---------------------------------------------------------+ | Field | Value | +-------------------------------+---------------------------------------------------------+ | uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 | | name | Default-User-Account-Profile | | max_password_history_count | 0 | | max_login_failure_count | 20 | | account_lock_timeout | 30 | | max_concurrent_sessions | 0 | | credentials_timeout_threshold | 60 | +-------------------------------+---------------------------------------------------------+
