Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
13-13
AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide
Chapter 13 Distributing Administrative Tasks
About Authenticating Administrative Users
Setting Password and Login Requirements
You can define user account and password restrictions to enforce organizational password policies. The
user account and password restrictions apply to local users defined on the Security Management
appliance. You can configure the following settings:
user account and password restrictions apply to local users defined on the Security Management
appliance. You can configure the following settings:
•
User account locking. You can define how many failed login attempts cause the user to be locked
out of the account.
out of the account.
•
Password lifetime rules. You can define how long a password can exist before the user is required
to change the password after logging in.
to change the password after logging in.
•
Password rules. You can define what kinds of passwords users can choose, such as which characters
are optional or mandatory.
are optional or mandatory.
Procedure
Step 1
Choose Management Appliance > System Administration > Users.
Step 2
Scroll down to the Local User Account and Password Settings section.
Step 3
Click Edit Settings.
Step 4
Configure settings:
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to login
successfully. Specify the number of failed login attempts that cause the
account locking. You can enter any number from one (1) to 60. Default is five
(5).
successfully. Specify the number of failed login attempts that cause the
account locking. You can enter any number from one (1) to 60. Default is five
(5).
When you configure account locking, enter the message to be displayed to the
user attempting to login. Enter text using 7-bit ASCII characters. This
message is only displayed when users enter the correct password to a locked
account.
user attempting to login. Enter text using 7-bit ASCII characters. This
message is only displayed when users enter the correct password to a locked
account.
When a user account gets locked, an administrator can unlock it on the Edit
User page in the GUI or using the
User page in the GUI or using the
userconfig
CLI command.
Failed login attempts are tracked by user, regardless of the machine the user
connects from or the type of connection, such as SSH or HTTP. Once the user
successfully logs in, the number of failed login attempts is reset to zero (0).
connects from or the type of connection, such as SSH or HTTP. Once the user
successfully logs in, the number of failed login attempts is reset to zero (0).
When a user account is locked out due to reaching the maximum number of
failed login attempts, an alert is sent to the administrator. The alert is set at
the “Info” severity level.
failed login attempts, an alert is sent to the administrator. The alert is set at
the “Info” severity level.
Note
You can also manually lock individual user accounts. See