Chapter 8 Managing Users and Identity Stores

Managing Internal Identity Stores

Table 8-2 Password Complexity Tab (continued)

| Option | Description |
| --- | --- |
| Password may not contain the username | Whether the password may contain the username or reverse username. |
| Password may not contain ‘cisco’ | Check to specify that the password cannot contain the word cisco. |
| Password may not contain | Check to specify that the password does not contain the string that you enter. |
| Password may not contain repeated characters four or more times consecutively | Check to specify that the password cannot repeat characters four or more times consecutively. |
| Password must contain at least one character of each of the selected types | |
| Lowercase alphabetic characters | Password must contain at least one lowercase alphabetic character. |
| Upper case alphabetic characters | Password must contain at least one uppercase alphabetic character. |
| Numeric characters | Password must contain at least one numeric character. |
| Non alphanumeric characters | Password must contain at least one nonalphanumeric character. |
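The following is an added example, not code from Cisco or from this guide: a checker that applies the Table 8-2 options to a candidate password, for instance to pre-validate passwords in a provisioning script before they are submitted. The policy field names are hypothetical, and it assumes case-insensitive substring matching and ASCII character classes, which the guide does not specify.

```python
import re
from dataclasses import dataclass

@dataclass
class ComplexityPolicy:
    # Hypothetical field names; each one maps to a row of Table 8-2.
    no_username: bool = True
    no_cisco: bool = True
    forbidden: str = ""        # the string entered for "Password may not contain"
    no_repeat4: bool = True
    need_lower: bool = True
    need_upper: bool = True
    need_digit: bool = True
    need_special: bool = True

def violations(password, username, policy=None):
    """Return the Table 8-2 options that the candidate password fails."""
    policy = policy or ComplexityPolicy()
    failed = []
    # Assumption: substring checks ignore case (not stated in the guide).
    pw, user = password.lower(), username.lower()
    if policy.no_username and user and (user in pw or user[::-1] in pw):
        failed.append("Password may not contain the username")
    if policy.no_cisco and "cisco" in pw:
        failed.append("Password may not contain 'cisco'")
    if policy.forbidden and policy.forbidden.lower() in pw:
        failed.append("Password may not contain " + policy.forbidden)
    # The same character four or more times in a row (compared case-sensitively).
    if policy.no_repeat4 and re.search(r"(.)\1{3,}", password, re.DOTALL):
        failed.append("Password may not contain repeated characters")
    classes = [
        (policy.need_lower, r"[a-z]", "Lowercase alphabetic characters"),
        (policy.need_upper, r"[A-Z]", "Upper case alphabetic characters"),
        (policy.need_digit, r"[0-9]", "Numeric characters"),
        (policy.need_special, r"[^A-Za-z0-9]", "Non alphanumeric characters"),
    ]
    for required, pattern, label in classes:
        if required and not re.search(pattern, password):
            failed.append(label)
    return failed

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    for pw in ["htimsj-Aa1!", "C1sc0!Cisco9", "Gr8!aaaa-Zed", "T4ble-Lamp!x"]:
        print(pw, violations(pw, "jsmith"))
```
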

 

 

 

 

 

Step 3

In the Advanced tab, enter the values for the criteria that you want to configure for your user authentication process. Table 8-3 describes the fields in the Advanced tab.

Table 8-3 Advanced Tab

| Options | Description |
| --- | --- |
| Account Disable | Supports account disablement policy for internal users. |
| Never | Default option, where accounts never expire. All internal users who were disabled because of this policy are enabled if you select this option. |
| Disable account if Date exceeds | The internal user is disabled when the configured date is exceeded. For example, if the configured date is 28th Dec 2010, all internal users will be disabled at midnight on 28th Dec 2010. The configured date can be either the current system date or a future date. You are not allowed to enter a date that is earlier than the current system date. All internal users who are disabled because of the Date exceeds option are enabled according to the configuration changes made in the Date exceeds option. |
| Disable account if Days exceed | The internal user is disabled when the configured number of days is exceeded. For example, if the configured number of days to disable the account of a user is 60 days, that particular user will be disabled 60 days after the account was enabled. |
| Disable account if Failed Attempts Exceed | The internal user is disabled when the successive failed attempts count reaches the configured value. For example, if the configured value is 5, the internal user will be disabled when the successive failed attempts count reaches 5. |
| Reset current failed attempts count on submit | If selected, the failed attempts count of all internal users is set to 0. All internal users who were disabled because of the Failed Attempts Exceed option are enabled. |
| Password History | |

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01
