35-26
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter35 Configuring AAA Servers and the Local Database
Configuring AAA
They may include upper case characters.
They may include numbers.
They may include special characters.
To specify password policy for users, perform the following steps:
Command Purpose
Step1 password-policy lifetime value
Example:
hostname (config)# password-policy lifetime 1000
Sets the password policy for the current context and
the interval in days after which passwords expire.
Valid values are between 0 and 65536 days. The
default value is 0 days.
Step2 password-policy minimum-changes value
Example:
hostname(config)# password-policy minimum-changes 4
Sets the minimum number of characters that must be
changed between new and old passwords. Valid
values are between 0 and 64 characters. The default
value is 0.
New passwords must include a minimum of 4
character changes from the current password and are
considered changed only if they do not appear
anywhere in the current password.
Step3 password-policy minimum-length value
Example:
hostname(config)# password-policy minimum-length 8
Sets the minimum length of passwords. Valid values
are between 3 and 64 characters. The recommended
minimum password length is 8 characters.
If the minimum length is less than the value of any
of the other minimum values (lowercase, numeric,
special, and uppercase), an error message appears
and the minimum length is not changed.
Step4 password-policy minimum-lowercase value
Example:
hostname(config)# password-policy minimum-lowercase
6
Sets the minimum number of lower case characters
that passwords may have. Valid values are between
0 and 64 characters. The default value is 0, which
means there is no minimum.
Step5 password-policy minimum-numeric value
Example:
hostname(config)# password-policy minimum-numeric 1
Sets the minimum number of numeric characters
that passwords may have. Valid values are between
0 and 64 characters. The default value is 0, which
means there is no minimum.
Step6 password-policy minimum-special value
Example:
hostname(config)# password-policy minimum-special 2
Sets the minimum number of special characters that
passwords may have. Valid values are between 0 and
64 characters. Special characters include the
following: !, @, #, $, %, ^, &, *, '(‘ and ‘)’. The
default value is 0, which means there is no
minimum.