Cisco Email Security Appliance X1070 Operating Instructions
33-16
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 33 Distributing Administrative Tasks
Passphrases
Step 4
Configure the settings as described below.
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to
log in successfully. Specify the number of failed login attempts that
cause the account to be locked. You can enter any number from one (1) to
60. Default is five (5).
When you configure account locking, enter the message to be
displayed to the user attempting to log in. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
passphrase to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
When a user account gets locked, an administrator can unlock it on the
Edit User page in the GUI or using the userconfig CLI command.
Failed login attempts are tracked by user, regardless of the machine the
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
When a user account is locked out due to reaching the maximum
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
Note
You can also manually lock individual user accounts. For more
information see
.
Passphrase Reset
You can choose whether:
• Users should be forced to change their passphrases after an
administrator changes their passphrases.
• Users should be forced to change their passphrases after a
specified duration. Enter the number of days a passphrase can last
before users must change it. You can enter any number from one
(1) to 366. Default is 90. In this case, you can optionally choose:
– To display a notification about the upcoming passphrase
expiration. Enter the number of days before expiration to
notify users.
– To allow a grace period (of specified days) to reset the
passphrase after the passphrase expiry. Enter the number of
days.
If you are setting a grace period, user accounts will be locked
if the passphrases are not changed within the specified
duration. If you are not setting a grace period, users can
change their passphrases any time after the passphrase expiry.
Note
When a user account uses SSH keys instead of a passphrase
challenge, the Passphrase Reset rules still apply. When a user
account with SSH keys expires, the user must enter their old
passphrase or ask an administrator to manually change the
passphrase to change the keys associated with the account. For
more information, see
.
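The User Account Lock behaviour described above (failures counted per user regardless of source machine or connection type, reset to zero on a successful login, an "Info" alert when the account locks) can be modelled as follows. This is an added example, not Cisco code: the LockoutPolicy class, the replay function and the sample events are hypothetical, and denying all logins to a locked account and clearing the counter on unlock are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    """Hypothetical model of the User Account Lock setting (1-60, default 5)."""
    threshold: int = 5
    failures: dict = field(default_factory=dict)  # user -> failures since last success
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)    # (severity, user) tuples

    def __post_init__(self):
        if not 1 <= self.threshold <= 60:
            raise ValueError("threshold must be between 1 and 60")

    def login(self, user, source, proto, ok):
        """Process one attempt; return True if the login is accepted."""
        if user in self.locked:
            return False                  # assumption: locked accounts stay denied
        if ok:
            self.failures[user] = 0       # success resets the counter to zero
            return True
        # Keyed by user only: source address and protocol are deliberately ignored.
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
            self.alerts.append(("Info", user))
        return False

    def unlock(self, user):
        """Administrator unlock; clearing the counter here is an assumption."""
        self.locked.discard(user)
        self.failures[user] = 0

# Constructed sample events: (user, source, protocol, passphrase_correct)
EVENTS = [
    ("alice", "192.0.2.10", "SSH", False),
    ("alice", "192.0.2.11", "HTTP", False),
    ("alice", "192.0.2.10", "SSH", True),    # resets alice to zero
    ("bob", "198.51.100.7", "HTTP", False),
    ("bob", "198.51.100.8", "SSH", False),
    ("bob", "203.0.113.5", "HTTP", False),   # third failure locks bob
    ("bob", "203.0.113.5", "HTTP", True),    # correct passphrase, still denied
    ("alice", "192.0.2.12", "HTTP", False),
]

def replay(events, threshold=3):
    """Run the events through a fresh policy; return it with per-event results."""
    policy = LockoutPolicy(threshold=threshold)
    return policy, [policy.login(*e) for e in events]
```

Because failures from three different addresses and two protocols all count against the same user, spreading attempts across sources does not delay the lock.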