Cisco Cisco Content Security Management Appliance M1070 Betriebsanweisung
13-13
AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
Chapter 13 Distributing Administrative Tasks
About Authenticating Administrative Users
Procedure
Step 1
Choose Management Appliance > System Administration > Users.
Step 2
Scroll down to the Local User Account and Password Settings section.
Step 3
Click Edit Settings.
Step 4
Configure settings:
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to login
successfully. Specify the number of failed login attempts that cause the
account locking. You can enter any number from one (1) to 60. Default is five
(5).
successfully. Specify the number of failed login attempts that cause the
account locking. You can enter any number from one (1) to 60. Default is five
(5).
When you configure account locking, enter the message to be displayed to the
user attempting to login. Enter text using 7-bit ASCII characters. This
message is only displayed when users enter the correct password to a locked
account.
user attempting to login. Enter text using 7-bit ASCII characters. This
message is only displayed when users enter the correct password to a locked
account.
When a user account gets locked, an administrator can unlock it on the Edit
User page in the GUI or using the
User page in the GUI or using the
userconfig
CLI command.
Failed login attempts are tracked by user, regardless of the machine the user
connects from or the type of connection, such as SSH or HTTP. Once the user
successfully logs in, the number of failed login attempts is reset to zero (0).
connects from or the type of connection, such as SSH or HTTP. Once the user
successfully logs in, the number of failed login attempts is reset to zero (0).
When a user account is locked out due to reaching the maximum number of
failed login attempts, an alert is sent to the administrator. The alert is set at
the “Info” severity level.
failed login attempts, an alert is sent to the administrator. The alert is set at
the “Info” severity level.
Note
You can also manually lock individual user accounts. See
Password Reset
Choose whether or not users should be forced to change their passwords after
an administrator changes their passwords.
an administrator changes their passwords.
You can also choose whether or not users should be forced to change their
passwords after they expire. Enter the number of days a password can last
before users must change it. You can enter any number from one (1) to 366.
Default is 90. To force users to change their passwords at non-scheduled
times, see
passwords after they expire. Enter the number of days a password can last
before users must change it. You can enter any number from one (1) to 366.
Default is 90. To force users to change their passwords at non-scheduled
times, see
.
When you force users to change their passwords after they expire, you can
display a notification about the upcoming password expiration. Choose the
number of days before expiration to notify users.
display a notification about the upcoming password expiration. Choose the
number of days before expiration to notify users.
Note
When a user account uses SSH keys instead of a password challenge,
the Password Reset rules still apply. When a user account with SSH
keys expires, the user must enter their old password or ask an
administrator to manually change the password to change the keys
associated with the account.
the Password Reset rules still apply. When a user account with SSH
keys expires, the user must enter their old password or ask an
administrator to manually change the password to change the keys
associated with the account.
Password Rules:
Require at least
<number> characters.
<number> characters.
Enter the minimum number of characters that passwords may contain.
Enter any number between zero (0) and 128.
The default is 8.
Passwords can have more characters than the number you specify here.