• debug

Guidelines for Cisco UCS Manager Passwords

Apassword isrequired for eachlocally authenticated user account. A user with admin or aaa privileges can
configureCisco UCS Manager to perform apassword strengthcheck on user passwords.If thepassword
strengthcheck is enabled, each user must havea strong password.
Ciscorecommends that each user have a strong password.If you enablethe passwordstrength check for
locallyauthenticated users, CiscoUCS Manager rejectsany passwordthat does notmeet thefollowing
requirements:
• Must contain a minimum of 8 characters and a maximum of 64 characters.
• Must contain at least three of the following:
◦ Lower case letters
◦ Upper case letters
◦ Digits
◦ Special characters
• Must not contain a character that is repeated more than 3 times consecutively,such as aaabbb.
• Must not be identical to the username or the reverse of the username.
• Must pass a password dictionary check. For example, the password must not be based on a standard
dictionaryword.
• Must not contain the following symbols: $ (dollar sign), ? (question mark), and = (equals sign).
• Should not be blank for local user and admin accounts.

Web Session Limits for User Accounts

Websession limits are used by Cisco UCS Manager to restrict the number of web sessions (both GUI and
XML)a given user account is permitted to access at any one time.
Bydefault, the number of concurrent web sessions allowed by Cisco UCS Manager is set to 32; although this
valuecan be configuredup tothe systemmaximum of 256.
User Roles
Userroles contain one or more privileges that define the operations allowed for the user who is assigned the
role.A user can be assigned one or more roles. A user assigned multiple roles has the combined privileges of
allassigned roles. For example, if Role1 has storage related privileges, and Role2 has server related privileges,
userswho areassigned to bothRole1 and Role2 have storageand server related privileges.
ACisco UCS domain can contain up to 48 user roles, including the default user roles.
Allroles include read access to all configuration settings in the Cisco UCS domain. The difference between
theread-only role and other roles is that a user who isonly assignedthe read-only role cannot modify the
systemstate. A userassigned another role canmodify the systemstate in that user's assignedarea or areas.
Cisco UCS Manager GUI Configuration Guide, Release 2.0
162 OL-25712-04
User Roles