|
313 |
<para> |
313 |
<para> |
314 |
This selection field can be used to block individual login methods. This |
314 |
This selection field can be used to block individual login methods. This |
315 |
can happen automatically for security reasons, for example, if a user has |
315 |
can happen automatically for security reasons, for example, if a user has |
316 |
entered his password incorrectly too often, see <xref linkend="users:faillog"/>. |
316 |
entered their password incorrectly too often, see <xref linkend="users:faillog"/>. |
317 |
</para> |
317 |
</para> |
318 |
<para> |
318 |
<para> |
319 |
Normally users should always be blocked for all login methods. |
319 |
Normally users should always be blocked for all login methods. |
|
382 |
<row> |
382 |
<row> |
383 |
<entry>Change password on next login</entry> |
383 |
<entry>Change password on next login</entry> |
384 |
<entry> |
384 |
<entry> |
385 |
If this checkbox is ticked, then the user has to change his password during |
385 |
If this checkbox is ticked, then the user has to change their password during |
386 |
the next login procedure. |
386 |
the next login procedure. |
387 |
</entry> |
387 |
</entry> |
388 |
</row> |
388 |
</row> |
|
1008 |
<entry> |
1008 |
<entry> |
1009 |
The period of time set for this must have at least |
1009 |
The period of time set for this must have at least |
1010 |
expired since the last password change before a user |
1010 |
expired since the last password change before a user |
1011 |
can reset his password again. |
1011 |
can reset their password again. |
1012 |
</entry> |
1012 |
</entry> |
1013 |
</row> |
1013 |
</row> |
1014 |
|
1014 |
|
|
1017 |
<entry> |
1017 |
<entry> |
1018 |
Once the saved period of time has elapsed, the |
1018 |
Once the saved period of time has elapsed, the |
1019 |
password must be changed again by the user the next |
1019 |
password must be changed again by the user the next |
1020 |
time he logs in. If the value is left blank, the |
1020 |
time they log in. If the value is left blank, the |
1021 |
password is infinitely valid. |
1021 |
password is infinitely valid. |
1022 |
</entry> |
1022 |
</entry> |
1023 |
</row> |
1023 |
</row> |
|
1032 |
<section id="user-management:Password_changes_by_users_via_UMC"> |
1032 |
<section id="user-management:Password_changes_by_users_via_UMC"> |
1033 |
<title>Password change by user via &ucsUMC;</title> |
1033 |
<title>Password change by user via &ucsUMC;</title> |
1034 |
<para> |
1034 |
<para> |
1035 |
In &ucsUMC;, every user can reset his password via the |
1035 |
In &ucsUMC;, every user can reset their password via the |
1036 |
<guimenu>Change password</guimenu> module. The module can also be opened |
1036 |
<guimenu>Change password</guimenu> module. The module can also be opened |
1037 |
by selecting the <guimenu>Settings &ar; Change password</guimenu> |
1037 |
by selecting the <guimenu>Settings &ar; Change password</guimenu> |
1038 |
entry in the top right user menu. |
1038 |
entry in the top right user menu. |
|
1046 |
<section id="users:faillog"> |
1046 |
<section id="users:faillog"> |
1047 |
<title>Automatic lockout of users after failed login attempts</title> |
1047 |
<title>Automatic lockout of users after failed login attempts</title> |
1048 |
<para> |
1048 |
<para> |
1049 |
As standard, a user can enter his password incorrectly any number of times. To |
1049 |
As standard, a user can enter their password incorrectly any number of times. To |
1050 |
hinder brute force attacks on passwords, an automatic lockout for user accounts |
1050 |
hinder brute force attacks on passwords, an automatic lockout for user accounts |
1051 |
can be activated after a configured number of failed log-in attempts. The lockout |
1051 |
can be activated after a configured number of failed log-in attempts. The lockout |
1052 |
is activated locally per computer system as standard. In other words, if a |
1052 |
is activated locally per computer system as standard. In other words, if a |
1053 |
user enters his password incorrectly too many times on one system, he can |
1053 |
user enters their password incorrectly too many times on one system, they can |
1054 |
still login on another system. Setting the &ucsUCRV; <envar>auth/faillog/lock_global</envar> |
1054 |
still login on another system. Setting the &ucsUCRV; <envar>auth/faillog/lock_global</envar> |
1055 |
will make the lock effective globally and register it in the LDAP. The global |
1055 |
will make the lock effective globally and register it in the LDAP. The global |
1056 |
lock can only be set on domain controller master/backup systems as other |
1056 |
lock can only be set on domain controller master/backup systems as other |