Cisco Cisco Expressway Maintenance Manual
Notes:
■
You can never set a blank password for any administrator account, regardless of this setting.
■
This setting affects only local administrator account passwords. It does not affect any other passwords used
on the Expressway, such as in the local authentication database, LDAP server, external registration
credentials, user account passwords, or administrator account passwords stored on remote credential
directories.
on the Expressway, such as in the local authentication database, LDAP server, external registration
credentials, user account passwords, or administrator account passwords stored on remote credential
directories.
■
All passwords and usernames are case sensitive.
Non-configurable rules for strict passwords
The following password rules always apply when Enforce strict passwords is set to On. There is no way to configure
them:
them:
■
Avoid multiple instances of the same characters (non-consecutive instances are checked)
■
Avoid three or more consecutive characters such as "abc" or "123"
■
Avoid dictionary words, or reversed dictionary words
■
Avoid palindromes, such as "risetovotesir"
Configurable rules for strict passwords
The following properties of the password policy can be configured:
■
Length must be at least 6 ASCII characters, but can be up to 255 (default 15)
■
Number of numeric digits [0-9] may be between 0 and 255 (default 2)
■
Number of uppercase letters [A-Z] may be between 0 and 255 (default 2)
■
Number of lowercase letters [a-z] may be between 0 and 255 (default 2)
■
Number of special characters [printable characters from 7-bit ASCII, eg. (space), @, $ etc.)] may be between
0 and 255 (default 2)
0 and 255 (default 2)
■
Number of consecutive repeated characters allowed may be between 1 and 255 (the default 0 disables the
check, so consecutive repeated characters are allowed by default; set it to 1 to prevent a password from
containing any consecutive repeats)
check, so consecutive repeated characters are allowed by default; set it to 1 to prevent a password from
containing any consecutive repeats)
■
The minimum number of character classes may be between 0 and 4 (the default 0 disables the check).
Character classes are digits, lowercase letters, uppercase letters, and special characters.
Character classes are digits, lowercase letters, uppercase letters, and special characters.
Note:
You may experience precedence effects between the required number of character classes and the
number of characters per class.
For example, if you leave the default requirements of 2 characters of each class, there is an implied rule that 4
character classes are required. In this case, any setting of Minimum number of character classes is
irrelevant.
character classes are required. In this case, any setting of Minimum number of character classes is
irrelevant.
For another example, if you set the minimum number of character classes to 2, and set the minimum number of
characters required from each class to 0, then a password that contains characters from any two of the
classes will suffice (presuming it meets all the other criteria as well).
characters required from each class to 0, then a password that contains characters from any two of the
classes will suffice (presuming it meets all the other criteria as well).
Configuring Administrator Accounts
The Administrator accounts page (Users > Administrator accounts) lists all the local administrator accounts on the
Expressway.
Expressway.
In general, local administrator accounts are used to access the Expressway on its web interface or API interface, but
are not permitted to access the CLI.
are not permitted to access the CLI.
On this page you can:
240
Cisco Expressway Administrator Guide
User Accounts