Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
28-17
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 28 Distributing Administrative Tasks
Passwords
Configuring Restrictive User Account and Password Settings
You can define user account and password restrictions to enforce organizational password policies. The
user account and password restrictions apply to local users defined on the Cisco appliance. You can
configure the following settings:
user account and password restrictions apply to local users defined on the Cisco appliance. You can
configure the following settings:
•
User account locking. You can define how many failed login attempts cause the user to be locked
out of the account.
out of the account.
•
Password lifetime rules. You can define how long a password can exist before the user is required
to change the password after logging in.
to change the password after logging in.
•
Password rules. You can define what kinds of passwords users can choose, such as which characters
are optional or mandatory.
are optional or mandatory.
You define user account and password restrictions on the System Administration > Users page in the
Local User Account and Password Settings section.
Local User Account and Password Settings section.
Procedure
Step 1
Choose System Administration > Users.
Step 2
Scroll to the Local User Account and Password Settings section.
Step 3
Click Edit Settings.
Step 4
Configure the settings described in
.
Table 28-2
Local User Account and Password Settings
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to
login successfully. Specify the number of failed login attempts that
cause the account locking. You can enter any number from one (1) to
60. Default is five (5).
login successfully. Specify the number of failed login attempts that
cause the account locking. You can enter any number from one (1) to
60. Default is five (5).
When you configure account locking, enter the message to be
displayed to the user attempting to login. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
password to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
displayed to the user attempting to login. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
password to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
When a user account gets locked, an administrator can unlock it on the
Edit User page in the GUI or using the
Edit User page in the GUI or using the
userconfig
CLI command.
Failed login attempts are tracked by user, regardless of the machine the
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
When a user account is locked out due to reaching the maximum
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
Note
You can also manually lock individual user accounts. For more
information see
information see