ONTAP 9.15.1 commands

security dynamic-authorization authentication-history-policy modify

Modify authentication history policy

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The security dynamic-authorization authentication-history-policy modify command updates the authentication history policy settings for dynamic authorization.

Parameters

-vserver <vserver name> - Vserver

This parameter optionally specifies the Vserver associated with the authentication history policy setting. If this parameter is specified, the setting applies to that Vserver only. If not specified, the cluster Vserver setting is used.

[-use-last-num-days <integer>] - Last Number of Days

This parameter optionally specifies the last number of days of authentication history statistics to use in calculating the trust score for the authentication history component. By default, this is set to -1, which means the trust score for authentication history component is calculated from all successful and failed authentications since the user’s first successful login.

[-lower-boundary <percent>] - Lower Boundary of Authentication Failures

This parameter optionally specifies the lower boundary of authentication failures. The value is a percentage from 0 to 99, and must be less than or equal to the upper boundary. When used in conjunction with the upper-boundary , if the authentication failures are less than the lower-boundary percentage, the authentication history component gets a full trust score, while if the authentication failures are higher than the upper-boundary percentage, the authentication history component gets a zero trust score. Authentication failures falling between the lower-boundary and upper-boundary gets a 50% trust score for the authentication history component.

[-upper-boundary <percent>] - Upper Boundary of Authentication Failures

This parameter optionally specifies upper boundary of authentication failures. The value is a percentage from 0 to 100, and must be greater than or equal to the lower boundary. Refer to the description in the lower-boundary parameter on how this setting is used.

Examples

The following command modifies the upper boundary of authentication failures for the Administrative Vserver to 90%.

cluster1::*> security dynamic-authorization authentication-history-policy modify -upper-boundary 90

cluster1::*> security dynamic-authorization authentication-history-policy show
Vserver: cluster1
                                  Last Number of Days: 90
            Lower Boundary of Authentication Failures: 10%
            Upper Boundary of Authentication Failures: 90%
Vserver: svm0
                                  Last Number of Days: -1
            Lower Boundary of Authentication Failures: 10%
            Upper Boundary of Authentication Failures: 100%
2 entries were displayed.
Top of Page