Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
Software Management Operations
▀ Managing Local-User Administrative Accounts
▄ Cisco ASR 5000 Series System Administration Guide
OL-22970-01
Managing Local-User Administrative Accounts
Unlike context-level administrative accounts which are configured via a configuration file, information for local-user
administrative accounts is maintained in a separate file on the CompactFlash and managed through the software‘s
Shared Configuration Task (SCT). Because local-user accounts were designed to be compliant with ANSI T1.276-2003,
the system provides a number of mechanisms for managing these types of administrative user accounts.
administrative accounts is maintained in a separate file on the CompactFlash and managed through the software‘s
Shared Configuration Task (SCT). Because local-user accounts were designed to be compliant with ANSI T1.276-2003,
the system provides a number of mechanisms for managing these types of administrative user accounts.
Configuring Local-User Password Properties
Local-user account password properties are configured globally and apply to all local-user accounts. The system
supports the configuration of the following password properties:
supports the configuration of the following password properties:
Complexity: Password complexity can be forced to be compliant with ANSI T1.276-2003.
History length: How many previous password versions should be tracked by the system.
Maximum age: How long a user can use the same password.
Minimum number of characters to change: How many characters must be changed in the password during a
reset.
Minimum change interval: How often a user can change their password.
Minimum length: The minimum number of characters a valid password must contain.
Refer to the
command in the Global Configuration Mode chapter of the Command Line
Interface Reference for details on each of the above parameters.
Configuring Local-User Account Management Properties
Local-user account management includes configuring account lockouts and user suspensions.
Local-User Account Lockouts
Local-user accounts can be administratively locked for the following reasons:
Login failures: The configured maximum login failure threshold has been reached. Refer to the
command in the Global Configuration Mode chapter of the Command Line Interface
Reference for details
Password Aging: The configured maximum password age has been reached. Refer to the
command in the Global Configuration Mode chapter of the Command Line Interface Reference for
details.
Accounts that are locked out are inaccessible to the user until either the configured lockout time is reached (refer to the
command in the Global Configuration Mode chapter of the Command Line Interface
Reference) or a security administrator clears the lockout (refer to the
command in the Exec
Mode chapter of the Command Line Interface Reference).