Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Managing User Passwords

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter38 Configuring AAA Servers and the Local Database

Configuring AAA

Step2 In the Messages area, add messages in the User accepted message and User rejected message fields.

If the user authentication occurs from Telnet, you can use the User accepted message and User rejected

message options to display different status prompts to indicate that the authentication attempt is accepted

or rejected by the AAA server.

If the AAA server authenticates the user, the ASA displays the User accepted message text, if specified,

to the user; otherwise, the ASA displays the User rejected message text, if specified. Authentication of

HTTP and FTP sessions displays only the challenge text at the prompt. The User accepted message and

User rejected message text are not displayed.

Step3 Click Apply.

The changes are saved to the running configuration.

Managing User Passwords

The ASA enables administrators with the necessary privileges to modify password policy for users in

the current context.

User passwords have the following guidelines:

•A maximum lifetime of 0 to 65536 days.

•A minimum length of 3 to 64 characters.

•A minimum number of changed characters for updates of 0 to 64 characters.

•They may include lower case characters.

•They may include upper case characters.

•They may include numbers.

•They may include special characters.

To specify password policy for users, perform the following steps:

Step1 In the ASDM main application window, choose Configuration Device Management > Users/AAA >

Password Policy.

Enter the minimum length for passwords. Valid values range from 3 to 64 characters. The recommended

minimum password length is 8 characters. If the minimum length is less than the value of any of the other

minimum values (lower case, numeric, special, and upper case), an error message appears and the

minimum length is not changed.

Step2 Enter the minimum number of changed characters for password updates. Valid values range from 0 to 64

characters. The default value is 0.

Step3 Enter the password lifetime in days. Valid values range from 0 to 65536 days. A zero value indicates that

there is no minimum password lifetime.

Step4 Enter the minimum number of lower case characters for passwords. Valid values range from 0 to 64

characters. A zero value indicates there is no minimum number of lower case characters for passwords.

Step5 Enter the minimum number of upper case characters for passwords. Valid values range from 0 to 64

characters. A zero value indicates there is no minimum number of upper case characters for passwords.

Step6 Enter the minimum number of special characters for passwords. Valid values range from 0 to 64

characters. Special characters include the following: !, @, #, $, %, ^, &, *, '(‘ and ‘)’. A zero value

indicates that there is no minimum number of special characters for passwords.

Contents

Cisco Systems Managing User Passwords