Configuring Local-User Password Properties; Configuring Local-User Account Management Properties; Local-User Account Lockouts - Cisco ASR 5000 Administration Manual
Staros release 21.1
Hide thumbs
Also See for ASR 5000:
- Installation manual (294 pages) ,
- Administration manual (159 pages) ,
- Installation procedure (8 pages)
Table of Contents
Advertisement
Configuring Local-User Password Properties
software's Shared Configuration Task (SCT). Because local-user accounts were designed to be compliant with
ANSI T1.276-2003, the system provides a number of mechanisms for managing these types of administrative
user accounts.
Configuring Local-User Password Properties
Local-user account password properties are configured globally and apply to all local-user accounts. The
system supports the configuration of the following password properties:
• Complexity: Password complexity can be forced to be compliant with ANSI T1.276-2003.
• History length: How many previous password versions should be tracked by the system.
• Maximum age: How long a user can use the same password.
• Minimum number of characters to change: How many characters must be changed in the password
• Minimum change interval: How often a user can change their password.
• Minimum length: The minimum number of characters a valid password must contain.
Refer to the local-user password command in the Global Configuration Mode Commands chapter of the
Command Line Interface Reference for details on each of the above parameters.
Configuring Local-User Account Management Properties
Local-user account management includes configuring account lockouts and user suspensions.
Local-User Account Lockouts
Local-user accounts can be administratively locked for the following reasons:
• Login failures: The configured maximum login failure threshold has been reached. Refer to the local-user
• Password Aging: The configured maximum password age has been reached. Refer to the local-user
Accounts that are locked out are inaccessible to the user until either the configured lockout time is reached
(refer to the local-user lockout-time command in the Global Configuration Mode Commands chapter of the
Command Line Interface Reference) or a security administrator clears the lockout (refer to the clear local-user
command in the Exec Mode Commands chapter of the Command Line Interface Reference).
Important
ASR 5000 System Administration Guide, StarOS Release 21.1
148
during a reset.
max-failed-logins command in the Global Configuration Mode Commands chapter of the Command
Line Interface Reference for details
password command in the Global Configuration Mode Commands chapter of the Command Line
Interface Reference for details.
Local-user administrative user accounts could be configured to enforce or reject lockouts. Refer to the
local-user username command in the Global Configuration Mode Commands chapter of the Command
Line Interface Reference for details.
Software Management Operations
Advertisement
Table of Contents
Troubleshooting
