Cisco Cisco Email Security Appliance C190 用户指南
31-18
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 31 Distributing Administrative Tasks
Passwords
Table 31-2
Local User Account and Password Settings
Setting
Description
User Account Lock
Choose whether or not to lock the user account after the user fails to
login successfully. Specify the number of failed login attempts that
cause the account locking. You can enter any number from one (1) to
60. Default is five (5).
login successfully. Specify the number of failed login attempts that
cause the account locking. You can enter any number from one (1) to
60. Default is five (5).
When you configure account locking, enter the message to be
displayed to the user attempting to login. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
password to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
displayed to the user attempting to login. Enter text using 7-bit ASCII
characters. This message is only displayed when users enter the correct
password to an account locked by an administrator. This message is
not shown for accounts locked due to failed login attempts.
When a user account gets locked, an administrator can unlock it on the
Edit User page in the GUI or using the
Edit User page in the GUI or using the
userconfig
CLI command.
Failed login attempts are tracked by user, regardless of the machine the
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
user connects from or the type of connection, such as SSH or HTTP.
Once the user successfully logs in, the number of failed login attempts
is reset to zero (0).
When a user account is locked out due to reaching the maximum
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
number of failed login attempts, an alert is sent to the administrator.
The alert is set at the “Info” severity level.
Note
You can also manually lock individual user accounts. For more
information see
information see
.
Password Reset
Choose whether or not users should be forced to change their
passwords after an administrator changes their passwords.
passwords after an administrator changes their passwords.
You can also choose whether or not users should be forced to change
their passwords after they expire. Enter the number of days a password
can last before users must change it. You can enter any number from
one (1) to 366. Default is 90.
their passwords after they expire. Enter the number of days a password
can last before users must change it. You can enter any number from
one (1) to 366. Default is 90.
When you force users to change their passwords after they expire, you
can display a notification about the upcoming password expiration.
Choose the number of days before expiration to notify uses.
can display a notification about the upcoming password expiration.
Choose the number of days before expiration to notify uses.
After a password expires, the user is forced to change the account
password at the next login.
password at the next login.
Note
When a user account uses SSH keys instead of a password
challenge, the Password Reset rules still apply. When a user
account with SSH keys expires, the user must enter their old
password or ask an administrator to manually change the
password to change the keys associated with the account. For
more information, see
challenge, the Password Reset rules still apply. When a user
account with SSH keys expires, the user must enter their old
password or ask an administrator to manually change the
password to change the keys associated with the account. For
more information, see
.
Password Rules:
Require at least <number>
characters.
characters.
Enter the minimum number of characters that a password may contain.
Enter any number between 0 and 128.
Default is 8 characters.
Passwords can have more characters than the number you specify here.