Cisco Content Security Management Appliance M1070 User Guide
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 12 Distributing Administrative Tasks
Step 4
Configure the settings described in
.
Table 12-2 Local User Account and Password Settings
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to log in
successfully. Specify the number of failed login attempts that cause the
account to be locked. You can enter any number from one (1) to 60. Default is five
(5).
When you configure account locking, enter the message to be displayed to the
user attempting to log in. Enter text using 7-bit ASCII characters. This
message is only displayed when users enter the correct password to a locked
account.
When a user account gets locked, an administrator can unlock it on the Edit
User page in the GUI or using the userconfig CLI command.
Failed login attempts are tracked by user, regardless of the machine the user
connects from or the type of connection, such as SSH or HTTP. Once the user
successfully logs in, the number of failed login attempts is reset to zero (0).
When a user account is locked out due to reaching the maximum number of
failed login attempts, an alert is sent to the administrator. The alert is set at
the “Info” severity level.
Note
You can also manually lock individual user accounts. See
Password Reset
Choose whether or not users should be forced to change their passwords after
an administrator changes their passwords.
You can also choose whether or not users should be forced to change their
passwords after they expire. Enter the number of days a password can last
before users must change it. You can enter any number from one (1) to 366.
Default is 90. To force users to change their passwords at non-scheduled
times, see
.
When you force users to change their passwords after they expire, you can
display a notification about the upcoming password expiration. Choose the
number of days before expiration to notify users.
After a password expires, the user is forced to change the account password
at the next login.
Note
When a user account uses SSH keys instead of a password challenge,
the Password Reset rules still apply. When a user account with SSH
keys expires, the user must enter their old password or ask an
administrator to manually change the password to change the keys
associated with the account.
Password Rules:
Require at least <number> characters.
Enter the minimum number of characters that passwords may contain.
You can enter any number from 6 to 128. Default is six (6).
Password Rules:
Require at least one number (0-9).
Choose whether or not the passwords must contain at least one number.
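The User Account Lock behaviour described in Table 12-2 can be checked against a small model before choosing a threshold. The Python below is an added example, not Cisco code or part of this guide. The class name, event tuples, locked-message text and the rule that an unlock clears the counter are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_THRESHOLD, MAX_THRESHOLD, DEFAULT_THRESHOLD = 1, 60, 5  # range and default from Table 12-2


@dataclass
class LockoutPolicy:  # hypothetical model, not an AsyncOS API
    threshold: int = DEFAULT_THRESHOLD
    locked_message: str = "Account locked. Contact your administrator."  # constructed text
    failures: dict = field(default_factory=dict)  # keyed by user only
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)    # (severity, text) tuples

    def __post_init__(self):
        if not MIN_THRESHOLD <= self.threshold <= MAX_THRESHOLD:
            raise ValueError("threshold must be between 1 and 60")
        if not self.locked_message.isascii():
            raise ValueError("locked message must be 7-bit ASCII")

    def attempt(self, user, password_ok, source="", protocol=""):
        """Return (logged_in, message_shown). source and protocol are ignored on
        purpose: failures are tracked by user, whatever the machine or connection."""
        if user in self.locked:
            # The message appears only when the correct password is supplied.
            return False, (self.locked_message if password_ok else "")
        if password_ok:
            self.failures[user] = 0  # a successful login resets the counter
            return True, ""
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
            self.alerts.append(("Info", f"user {user} locked after "
                                        f"{self.failures[user]} failed logins"))
        return False, ""

    def unlock(self, user):
        """Administrator unlock. Clearing the counter here is an assumption."""
        self.locked.discard(user)
        self.failures[user] = 0


def replay(events, threshold=DEFAULT_THRESHOLD):
    """Run (user, password_ok, source, protocol) events through a fresh policy."""
    policy = LockoutPolicy(threshold=threshold)
    return policy, [policy.attempt(*event) for event in events]


# Constructed sample events; addresses come from documentation ranges.
SAMPLE = [
    ("alice", False, "192.0.2.5", "ssh"), ("alice", False, "198.51.100.9", "http"),
    ("alice", True, "192.0.2.5", "ssh"),  # success resets alice's counter
    ("bob", False, "192.0.2.10", "ssh"), ("bob", False, "198.51.100.11", "http"),
    ("bob", False, "203.0.113.12", "ssh"),  # third failure locks bob at threshold 3
    ("bob", False, "192.0.2.10", "ssh"), ("bob", True, "192.0.2.10", "http"),
]
```

Replaying SAMPLE with threshold=3 shows that failures spread across three source addresses and two protocols still lock bob, and that the lock message reaches only the attempt made with the correct password.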