This feature prevents a user from updating their password to some password that was used in the recent past. A configurable number of previous password hashes are saved in the system. Any future proposed password update is compared against this list and marked invalid if there is a perfect match.
The administrator controls this feature through NSX Advanced Load Balancer CLI or REST API. The settings for this feature are maintained within the UserAccountProfile object. By default, all the users in the system are attached to Default-User-Account-Profile, as shown below. If required, the admin can create a new user account profile with different thresholds.
admin:10-10-24-52]: > show useraccountprofile Default-User-Account-Profile +-------------------------------+---------------------------------------------------------+ | Field | Value | +-------------------------------+---------------------------------------------------------+ | uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 | | name | Default-User-Account-Profile | | max_password_history_count | 0 | | max_login_failure_count | 20 | | account_lock_timeout | 30 | | max_concurrent_sessions | 0 | | credentials_timeout_threshold | 0 | +-------------------------------+---------------------------------------------------------+
Use the following CLI to change the password history count.
[admin:10-10-24-52]: > configure useraccountprofile Default-User-Account-Profile [admin:10-10-24-52]: useraccountprofile> max_password_history_count 5 Overwriting the previously entered value for max_password_history_count [admin:10-10-24-52]: useraccountprofile> save +-------------------------------+---------------------------------------------------------+ | Field | Value | +-------------------------------+---------------------------------------------------------+ | uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 | | name | Default-User-Account-Profile | | max_password_history_count | 5 | | max_login_failure_count | 20 | | account_lock_timeout | 30 | | max_concurrent_sessions | 0 | | credentials_timeout_threshold | 0 | +-------------------------------+---------------------------------------------------------+
