Password Change Policy - Cisco Catalyst 2960 series Configuration Manual

Consolidated platform configuration guide, ios release 15.2(4)e

If a user's password expires while the user is already authenticated and logged on to the system, no
action is taken. The user is prompted to change the password only during the next authentication
for the same user.

Password Change Policy

The new password must contain a minimum of 4 character changes from the previous password. A password
change can be triggered by the following scenarios:
• The security administrator wants to change the password.
• The user is trying to get authenticated using a profile, and the password for that profile has expired.

When the security administrator changes the password security policy and the existing profile does not meet
the password security policy rules, no action will be taken if the user has already logged on to the system.
The user will be prompted to change the password only when the user tries to get authenticated using the
profile that does not meet the password security restriction.

When the user changes the password, the lifetime parameters set by the security administrator for the old
profile will be the lifetime parameters for the new password.

For noninteractive clients such as dot1x, when the password expires, appropriate error messages will be sent
to the clients, and the clients must contact the security administrator to renew the password.

User Reauthentication Policy

Users are reauthenticated when they change their passwords.

When users change their passwords on expiry, they will be authenticated against the new password. In such
cases, the actual authentication happens based on the previous credentials, and the new password is updated
in the database.

Note: Users can change their passwords only when they are logging on and after the expiry of the old password;
however, a security administrator can change the user's password at any time.

Support for Framed (noninteractive) Session

When a client such as dot1x uses the local database for authentication, the Password Strength and Management
for Common Criteria feature will be applicable; however, upon password expiry, clients will not be able to
change the password. An appropriate failure message will be sent to such clients, and the user must request
the security administrator to change the password.

How to Configure Password Strength and Management for Common Criteria

Configuring the Password Security Policy

Perform this task to create a password security policy and to apply the policy to a specific user profile.
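
The following is an added example, not the guide's own task steps, showing a Common Criteria password policy created with the IOS `aaa common-criteria policy` commands and bound to a local user. The policy name CC-POLICY, the user admin1, the numeric values and the password placeholder are constructed for illustration.

```cisco
! Added example. CC-POLICY, admin1, the numeric values and the password
! placeholder are constructed; substitute site values.
configure terminal
 ! AAA must be enabled before a common-criteria policy can be defined.
 aaa new-model
 aaa common-criteria policy CC-POLICY
  ! Composition rules for any password set under this policy.
  min-length 8
  max-length 25
  upper-case 1
  lower-case 1
  numeric-count 1
  special-case 1
  ! Minimum number of changed characters between the old and new password,
  ! set here to the minimum of 4 described in Password Change Policy.
  char-changes 4
  ! Password lifetime. After expiry the user is prompted at the next
  ! authentication; an already logged-on session is not affected.
  lifetime month 3
  exit
 ! Apply the policy to a specific local user profile.
 username admin1 common-criteria-policy CC-POLICY password <initial-password>
 end
! Confirm the policy parameters that were stored.
show aaa common-criteria policy name CC-POLICY
```

Because framed (noninteractive) clients such as dot1x cannot change an expired password themselves, local accounts used by those clients need the administrator to renew the password before the configured lifetime runs out.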
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)