Password Pane

To configure global settings

From the server console, click Configuration > Authentication > Password.

To configure group or user settings

From the server console, click Configuration
Under Subconfiguration, click either Group Configuration or User Configuration.
Select an item and then click Edit (or click Add and then specify a new group or user name).
From the list of configurable panels, click Authentication > Password.

From the password pane, you can configure both traditional password authentication and keyboard interactive authentication.

Note: Items on this pane can be configured globally or as part of a subconfiguration.

Password authentication

Allow

When Password authentication using keyboard interactive is not selected, the server allows only traditional password authentication.

When Password authentication using keyboard interactive is selected, the server allows both traditional password authentication and keyboard interactive authentication.

Require

When Password authentication using keyboard interactive is not selected, the server requires traditional password authentication.

When Password authentication using keyboard interactive is selected, the server requires keyboard interactive authentication.

Deny

Denies both password authentication and keyboard interactive authentication, regardless of whether Password authentication using keyboard interactive is selected.

Retries

Note: When Password authentication using keyboard interactive is not selected, these settings apply to traditional password authentication only; when selected, these settings also apply to keyboard interactive authentication.

Number of password attempts

Sets the maximum number of password attempts allowed.

If the client is configured to allow a larger number of attempts, the client user sees the larger number of prompts, but the value specified here sets the actual limit.

If the client is configured to allow a smaller number of attempts, the client sets the actual limit.

Delay between tries (seconds)

Sets the number of seconds the server should wait to send an additional password prompt after a client password authentication failure.

Password authentication options

Permit empty passwords

Specifies whether the server allows password authentication by users with empty (null) passwords.

Note: Empty passwords must also be supported in your Windows Group Policy configuration.

Allow password change

Specifies whether users are allowed to change their password during authentication.

Subconfiguration Features

Reload inherited settings

Removes subconfiguration-specific values from all settings on this pane. All settings values revert to their current inherited state.

Note: This change is not finalized until you save your configuration using File > Save.

(asterisk)

Indicates that the value of a setting is specific to the current subconfiguration. The server always applies the specified value, regardless of any subsequent changes you make to global or inherited settings.