Local user accounts

Users are locked out (disabled) if they fail to log in after three attempts. This feature is automatically enabled. Use the disable-on-login-failure command to change the number of login attempts (up to 10) before users are locked out.

The following rules are disabled by default:

Enhanced user password combination requirements

User password masking

Quarterly updates of user passwords

You can configure the system to store up to 15 previously configured passwords for each user.

You can use the disable-on-login-failure command to change the number of login attempts (up to 10) before users are locked out.

A password can now be set to expire.

Enabling enhanced user password combination requirements

When strict password enforcement is enabled on the Brocade device, you must enter a minimum of eight characters containing the following combinations when you create an enable and a user password:

At least two upper case characters

At least two lower case characters

At least two numeric characters

At least two special characters

NOTE

Password minimum and combination requirements are strictly enforced.

Use the enable strict-password-enforcement command to enable the password security feature.

Brocade(config)# enable strict-password-enforcement

Syntax: [no] enable strict-password-enforcement

This feature is disabled by default.

The following security upgrades apply to the enable strict-password-enforcement command:

Passwords must not share four or more consecutive characters with any other password configured on the router. If the user tries to create a password that shares four or more consecutive characters with an existing one, the following error message is returned.

Error - The substring <str> within the password has been used earlier, please choose a different password.

For example, if the previous password was Ma!i4aYa&, the user cannot use any of the following as a new password:

- Ma!imai$D because "Ma!i" was used consecutively in the previous password

- &3B9aYa& because "aYa&" was used consecutively in the previous password

- i4aYEv#8 because "i4aY" was used consecutively in the previous password

If the user tries to configure a password that was previously used, the Local User Account configuration will not be allowed and the following message will be displayed.


Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01
