Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
28-19
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 28 Distributing Administrative Tasks
Passwords
Step 5
Submit and commit your changes.
External Authentication
If you store user information in an LDAP or RADIUS directory on your network, you can configure your
Cisco appliance to use the external directory to authenticate users who log in to the appliance. To set up
the appliance to use an external directory for authentication, use the System Administration > Users page
in the GUI or the
Cisco appliance to use the external directory to authenticate users who log in to the appliance. To set up
the appliance to use an external directory for authentication, use the System Administration > Users page
in the GUI or the
userconfig
command and the
external
subcommand in the CLI.
When external authentication is enabled and a user logs into the Email Security appliance, the appliance
first determines if the user is the system defined “admin” account. If not, then the appliance checks the
first configured external server to determine if the user is defined there. If the appliance cannot connect
to the first external server, the appliance checks the next external server in the list.
first determines if the user is the system defined “admin” account. If not, then the appliance checks the
first configured external server to determine if the user is defined there. If the appliance cannot connect
to the first external server, the appliance checks the next external server in the list.
For LDAP servers, if the user fails authentication on any external server, the appliance tries to
authenticate the user as a local user defined on the Email Security appliance. If the user does not exist
on any external server or on the appliance, or if the user enters the wrong password, access to the
appliance is denied.
authenticate the user as a local user defined on the Email Security appliance. If the user does not exist
on any external server or on the appliance, or if the user enters the wrong password, access to the
appliance is denied.
Password Rules:
Ban usernames and their
variations as passwords.
variations as passwords.
Choose whether or not the password are allowed to be the same as the
associated username or variations on the username. When username
variations are banned, the following rules apply to passwords:
associated username or variations on the username. When username
variations are banned, the following rules apply to passwords:
•
The password may not be the same as the username, regardless of
case.
case.
•
The password may not be the same as the username in reverse,
regardless of case.
regardless of case.
•
The password may not be the same as the username or reversed
username with the following character substitutions:
username with the following character substitutions:
–
"@" or "4" for "a"
–
"3" for "e"
–
"|", "!", or "1" for "i"
–
"0" for "o"
–
"$" or "5" for "s"
–
"+" or "7" for "t"
Password Rules:
Ban reuse of the last
<number> passwords.
<number> passwords.
Choose whether or not users are allowed to choose a recently used
password when they are forced to change the password. If they are not
allowed to reuse recent passwords, enter the number of recent
passwords that are banned from reuse.
password when they are forced to change the password. If they are not
allowed to reuse recent passwords, enter the number of recent
passwords that are banned from reuse.
You can enter any number from one (1) to 15. Default is three (3).
Table 28-2
Local User Account and Password Settings (continued)
Setting
Description