Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
33-15
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 33 Distributing Administrative Tasks
Passphrases
Locking and Unlocking a User Account
Locking a user account prevents a local user from logging into the appliance. A user account can be
locked in one of the following ways:
locked in one of the following ways:
•
AsyncOS locks a user account if the user exceeded the maximum number of failed login attempts
defined in the Local User Account & Passphrase Settings section.
defined in the Local User Account & Passphrase Settings section.
•
Administrators can manually lock user accounts for security purposes using the System
Administration > Users page.
Administration > Users page.
AsyncOS displays the reason why the user account was locked when you view the user account on the
Edit User page.
Edit User page.
To unlock a user account, open the user account by clicking on the user name in the Users listing and
click Unlock Account.
click Unlock Account.
To manually lock a local user account, open the user account by clicking on the user name in the Users
listing and click Lock Account. AsyncOS displays a message saying that the user will be unable to log
into the appliance and asks if you want to continue.
listing and click Lock Account. AsyncOS displays a message saying that the user will be unable to log
into the appliance and asks if you want to continue.
You can also configure all local user accounts to lock after users fail to login successfully after a
configured number of attempts. For more information, see
configured number of attempts. For more information, see
Note
If you lock the admin account, you can only unlock it by logging in as the admin through a serial
communications connection to the serial console port. The admin user can always access the appliance
using the serial console port, even when the admin account is locked. See
communications connection to the serial console port. The admin user can always access the appliance
using the serial console port, even when the admin account is locked. See
for more information on accessing the appliance using the serial console port.
Configuring Restrictive User Account and Passphrase Settings
You can define user account and passphrase restrictions to enforce organizational passphrase policies.
The user account and passphrase restrictions apply to local users defined on the Cisco appliance. You
can configure the following settings:
The user account and passphrase restrictions apply to local users defined on the Cisco appliance. You
can configure the following settings:
•
User account locking. You can define how many failed login attempts cause the user to be locked
out of the account.
out of the account.
•
Passphrase lifetime rules. You can define how long a passphrase can exist before the user is
required to change the passphrase after logging in.
required to change the passphrase after logging in.
•
Passphrase rules. You can define what kinds of passphrases users can choose, such as which
characters are optional or mandatory.
characters are optional or mandatory.
You define user account and passphrase restrictions on the System Administration > Users page in the
Local User Account & Passphrase Settings section.
Local User Account & Passphrase Settings section.
Procedure
Step 1
Choose System Administration > Users.
Step 2
Scroll to the Local User Account & Passphrase Settings section.
Step 3
Click Edit Settings.