Listing password policies
You can view both group-level and user password policies using the apusermgmt list-pwpolicy command.
Listing group-level password policies
To view a group-level password policy, run the apusermgmt list-pwpolicy command and specify the --globalrole parameter.
[root@e1n1~]# apusermgmt list-pwpolicy --globalrole=Admin
+-----------------------------+-------------+-------------------------------------------------------------------------------------------------+
|Password Policy Attribute | Value | Remarks
|-----------------------------+-------------+-------------------------------------------------------------------------------------------------|
|priority |0 | The lower the value, the higher the policy's priority. The lowest supported priority value is 0 |
|minlife(hours) |1 | Minimum period of Password Lifetime(hours) |
|history |0 | The number of previous passwords that are stored and which a user is prevented from using |
|minclasses |4 | Minimum number of required classes of characters |
|minlength |15 | Minimum number of characters for a password |
|lockouttime(seconds) |600 | The period (in seconds) for which a lockout is enforced |
|maxfail |6 | The maximum number of consecutive failures |
|maxlife(days) |90 | Maximum period of Password Lifetime (days) |
|failinterval |60 | The period (in seconds) after which the failure count will be reset |
|policylevel |ibmapadmins | group-level password policy |
+-----------------------------+-------------+-------------------------------------------------------------------------------------------------+Listing the password policy in effect for a user
To see which password policy is in effect for a specific user, you can run the list-pwpolicy command for that user. The results also show which group policy is in effect for that user.
[root@e1n1 ~]# apusermgmt list-pwpolicy --user=apadmin
+-----------------------------+-------------+-------------------------------------------------------------------------------------------+
| Password Policy Attribute | Value | Remarks |
|-----------------------------+-------------+-------------------------------------------------------------------------------------------|
| minlife(hours) | 1 | Minimum period of Password Lifetime(hours) |
| history | 0 | The number of previous passwords that are stored and which a user is prevented from using |
| minclasses | 4 | Minimum number of required classes of characters |
| minlength | 15 | Minimum number of characters for a password |
| lockouttime(seconds) | 600 | The period (in seconds) for which a lockout is enforced |
| maxfail | 6 | The maximum number of consecutive failures |
| maxlife(days) | 90 | Maximum period of Password Lifetime(days) |
| failinterval | 60 | The period (in seconds) after which the failure count will be reset |
| policylevel | ibmapadmins | group-level password policy |
+-----------------------------+-------------+-------------------------------------------------------------------------------------------+