Cisco Cisco Packet Data Gateway (PDG)
Software Management Operations
▀ Managing Local-User Administrative Accounts
▄ ASR 5000 System Administration Guide, StarOS Release 18
160
Managing Local-User Administrative Accounts
Unlike context-level administrative accounts which are configured via a configuration file, information for local-user
administrative accounts is maintained in a separate file in flash memory and managed through the software’s Shared
Configuration Task (SCT). Because local-user accounts were designed to be compliant with ANSI T1.276-2003, the
system provides a number of mechanisms for managing these types of administrative user accounts.
administrative accounts is maintained in a separate file in flash memory and managed through the software’s Shared
Configuration Task (SCT). Because local-user accounts were designed to be compliant with ANSI T1.276-2003, the
system provides a number of mechanisms for managing these types of administrative user accounts.
Configuring Local-User Password Properties
Local-user account password properties are configured globally and apply to all local-user accounts. The system
supports the configuration of the following password properties:
supports the configuration of the following password properties:
Complexity: Password complexity can be forced to be compliant with ANSI T1.276-2003.
History length: How many previous password versions should be tracked by the system.
Maximum age: How long a user can use the same password.
Minimum number of characters to change: How many characters must be changed in the password during a
reset.
Minimum change interval: How often a user can change their password.
Minimum length: The minimum number of characters a valid password must contain.
Refer to the
local-user password
command in the Global Configuration Mode Commands chapter of the Command
Line Interface Reference for details on each of the above parameters.
Configuring Local-User Account Management Properties
Local-user account management includes configuring account lockouts and user suspensions.
Local-User Account Lockouts
Local-user accounts can be administratively locked for the following reasons:
Login failures: The configured maximum login failure threshold has been reached. Refer to the local-user max-
failed-logins command in the Global Configuration Mode Commands chapter of the Command Line Interface
Reference for details
Reference for details
Password Aging: The configured maximum password age has been reached. Refer to the local-user password
command in the Global Configuration Mode Commands chapter of the Command Line Interface Reference for
details.
details.
Accounts that are locked out are inaccessible to the user until either the configured lockout time is reached (refer to the
local-user lockout-time command in the Global Configuration Mode Commands chapter of the Command Line
Interface Reference) or a security administrator clears the lockout (refer to the clear local-user command in the Exec
Mode Commands chapter of the Command Line Interface Reference).
local-user lockout-time command in the Global Configuration Mode Commands chapter of the Command Line
Interface Reference) or a security administrator clears the lockout (refer to the clear local-user command in the Exec
Mode Commands chapter of the Command Line Interface Reference).
Important:
Local-user administrative user accounts could be configured to enforce or reject lockouts. Refer to
the local-user username command in the Global Configuration Mode Commands chapter of the Command Line
Interface Reference for details.
Interface Reference for details.