Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 67 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
Figure 67-2 Active Directory—User Must Change Password at Next Logon
The next time this user logs on, the ASA displays the following prompt: “New password required.
Password change required. You must enter a new password with a minimum length n to continue.” You
can set the minimum required password length, n, as part of the Active Directory configuration at Start >
Programs > Administrative Tools > Domain Security Policy > Windows Settings > Security Settings >
Account Policies > Password Policy. Select Minimum password length.
Using Active Directory to Specify Maximum Password Age
To enhance security, you can specify that passwords expire after a certain number of days. To specify a
maximum password age for a user password, enter the password-management command in
tunnel-group general-attributes configuration mode on the ASA and perform the following steps in Active
Directory:
Step 1 Select Start > Programs > Administrative Tools > Domain Security Policy > Windows Settings >
Security Settings > Account Policies > Password Policy.
Step 2 Double-click Maximum password age. This opens the Security Policy Setting dialog box.
Step 3 Check the Define this policy setting check box and specify the maximum password age, in days, that you
want to allow.
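
The ASA side of this procedure, as an added configuration example that is not taken from the Cisco guide. The server group name LDAP_AD, the connection profile name RA_VPN, the interface name, the 192.0.2.10 address, the example.com DNs and the bind password are placeholders to replace with your own values.

```cisco
! Added example; all names, addresses and DNs below are placeholders.
!
! LDAP server group pointing at the Active Directory domain controller.
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 ! Password management over LDAP requires an SSL-protected connection
 ! to the directory, so enable LDAP over SSL on this host entry.
 ldap-over-ssl enable
 ! Identify the server as Microsoft Active Directory.
 server-type microsoft
!
! Connection profile (tunnel group) that authenticates against LDAP_AD.
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group LDAP_AD
 ! Enable password management. The optional keyword sets how many days
 ! before expiration the ASA begins warning the user at login.
 password-management password-expire-in-days 14
```

The password-expire-in-days value only controls when the ASA starts warning the user; the expiration date itself is determined by the Maximum password age policy set in Active Directory.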