パスワードは、-require-initial-passwd-updateオプションを有効にしたあとにリセットされても翌日に期限切れになる

環境

ONTAP 9

問題

•  -require-initial-passwd-update セキュリティログインロールの設定オプションを有効にした後、そのロールに属するすべてのユーザのパスワードが想定どおりに期限切れになりました。

Thu May 25 2023 11:24:00 +09:00 [kern_audit:info:2224]Vserver-01:ssh :: 1xx.xxx.21.xx:37504 :: Vserver-01:Username-01 :: security login role config modify -vserver Vserver-01 -role mt-role -require-initial-passwd-update enabled :: Success

[Username-01@xxxxxxx1 ~]$ date;ssh Username-01@Vserver-01
Thu May 25 11:14:01 JST 2023
Password:

Last login time: 5/17/2023 13:55:07
Unsuccessful login attempts since last login: 1
Your password has expired. Choose a new password.
Enter a new password:
Enter it again:

•  パスワードをリセットしたら、新しいパスワードでユーザに正常にログインします。

[User-01@xxxxxx1 ~]$ date; ssh User-01@Node-01

Thu May 25 11:29:25 JST 2023
Password:

Last login time: 5/25/2023 11:28:39
Unsuccessful login attempts since last login: 1

• 通常、パスワードをリセットした後は、アカウントの有効期限がに設定されているため、パスワードが期限切れに unlimitedならないようにしてください。ただし、次の日にパスワードの有効期限が再度切れます。

[User-01@xxxxxx1 ~]$ date;ssh User-01@Node-01
Fri May 26 11:47:33 JST 2023
Password:

Last login time: 5/25/2023 11:29:32
Unsuccessful login attempts since last login: 1
Your password has expired. Choose a new password.
Enter a new password:

::> security login role config show -role Role-01 -instance
                                            Vserver: Vserver-01
                                          Role Name: Role-01
                   Minimum Username Length Required: 3
                             Username Alpha-Numeric: disabled
                   Minimum Password Length Required: 8
                             Password Alpha-Numeric: enabled
   Minimum Number of Special Characters Required In
                                       The Password: 0
                         Password Expires In (Days): unlimited
     Require Initial Password Update on First Login: enabled
                  Maximum Number of Failed Attempts: 0
                      Maximum Lockout Period (Days): 0
                       Disallow Last 'N' Passwords : 6
              Delay Between Password Changes (Days): 0
       Delay after Each Failed Login Attempt (Secs): 4
  Minimum Number of Lowercase Alphabetic Characters
                           Required in the Password: 0
  Minimum Number of Uppercase Alphabetic Characters
                           Required in the Password: 0
  Minimum Number of Digits Required in the Password: 0
     Display Warning Message Days Prior to Password
                                      Expiry (Days): unlimited
                         Account Expires in (Days): unlimited
      Maximum Duration of Inactivity before Account
                                  Expiration (Days): unlimited