Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
32-16
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 32 Distributing Administrative Tasks
Passwords
Step 4
Configure the settings as described below.
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to
login successfully. Specify the number of failed login attempts that
cause the account locking. You can enter any number from one (1) to
60. Default is five (5).
login successfully. Specify the number of failed login attempts that
cause the account locking. You can enter any number from one (1) to
60. Default is five (5).
When you configure account locking, enter the message to be
displayed to the user attempting to login. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
password to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
displayed to the user attempting to login. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
password to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
When a user account gets locked, an administrator can unlock it on the
Edit User page in the GUI or using the
Edit User page in the GUI or using the
userconfig
CLI command.
Failed login attempts are tracked by user, regardless of the machine the
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
When a user account is locked out due to reaching the maximum
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
Note
You can also manually lock individual user accounts. For more
information see
information see
.
Password Reset
You can choose whether:
•
Users should be forced to change their passwords after an
administrator changes their passwords.
administrator changes their passwords.
•
Users should be forced to change their passwords after a specified
duration. Enter the number of days a password can last before
users must change it. You can enter any number from one (1) to
366. Default is 90. In this case, you can optionally choose:
duration. Enter the number of days a password can last before
users must change it. You can enter any number from one (1) to
366. Default is 90. In this case, you can optionally choose:
–
To display a notification about the upcoming password
expiration. Enter the number of days before expiration to
notify users.
expiration. Enter the number of days before expiration to
notify users.
–
To allow a grace period (of specified days) to reset the
password after the password expiry. Enter the number of days.
password after the password expiry. Enter the number of days.
If you are setting a grace period, user accounts will be locked
if the passwords are not changed within the specified
duration. If you are not setting a grace period, users can
change their passwords any time after the password expiry.
if the passwords are not changed within the specified
duration. If you are not setting a grace period, users can
change their passwords any time after the password expiry.
Note
When a user account uses SSH keys instead of a password
challenge, the Password Reset rules still apply. When a user
account with SSH keys expires, the user must enter their old
password or ask an administrator to manually change the
password to change the keys associated with the account. For
more information, see
challenge, the Password Reset rules still apply. When a user
account with SSH keys expires, the user must enter their old
password or ask an administrator to manually change the
password to change the keys associated with the account. For
more information, see
.