5-6
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 5 Password Policy Configuration Scenario
Step 2: Configure Password Policy
Step 2 On the Password Policy Setup Page, specify:
• Password Validation Options
See Specify Password Validation Options, page 5-6.
• Password Lifetime Options
See Specify Password Lifetime Options, page 5-6.
• Password Inactivity Options
See Specify Password Inactivity Options, page 5-7.
• Incorrect Password Attempt Option
See Specify Incorrect Password Attempt Options, page 5-7.
Specify Password Validation Options
In the Password Validation Options section, configure:
• Password may not contain the username—If enabled, the password cannot contain the username
or the reverse username.
• Minimum length n characters—n specifies the minimum length of the password (default = 4,
range = 4 to 20).
• Uppercase alphabetic characters—If enabled, the password must contain uppercase alphabetic
characters.
• Lowercase alphabetic characters—If enabled, the password must contain lowercase alphabetic
characters.
• Numeric characters—If enabled, the password must contain numeric characters.
• Non alphanumeric characters—If enabled, the password must contain nonalphanumeric
characters; for example, the at symbol (@).
• Password must be different from the previous n versions—If enabled, the password must be
different from the previous n versions (default = 10, range = 0 to 99).
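The validation options above can be mirrored in a short checker, for example to pre-screen a candidate administrator password against the policy before it is entered in ACS. This is an added example, not Cisco code: the class, field and function names are hypothetical, and the case-insensitive username match and the plaintext history list are assumptions the guide does not state.

```python
from dataclasses import dataclass


@dataclass
class ValidationOptions:
    # Hypothetical field names; numeric defaults and ranges follow the guide.
    no_username: bool = False
    min_length: int = 4          # default = 4, range = 4 to 20
    require_upper: bool = False
    require_lower: bool = False
    require_numeric: bool = False
    require_non_alnum: bool = False
    check_history: bool = False
    history_depth: int = 10      # default = 10, range = 0 to 99

    def __post_init__(self):
        if not 4 <= self.min_length <= 20:
            raise ValueError("minimum length must be 4 to 20")
        if not 0 <= self.history_depth <= 99:
            raise ValueError("history depth must be 0 to 99")


def violations(password, username, previous, opts):
    """Return the options the candidate fails; previous is newest first."""
    failed = []
    if opts.no_username and username:
        # Assumption: case-insensitive substring match (not stated in the guide).
        pw, user = password.lower(), username.lower()
        if user in pw or user[::-1] in pw:
            failed.append("contains username or reverse username")
    if len(password) < opts.min_length:
        failed.append(f"shorter than {opts.min_length} characters")
    if opts.require_upper and not any(c.isupper() for c in password):
        failed.append("no uppercase alphabetic character")
    if opts.require_lower and not any(c.islower() for c in password):
        failed.append("no lowercase alphabetic character")
    if opts.require_numeric and not any(c.isdigit() for c in password):
        failed.append("no numeric character")
    if opts.require_non_alnum and all(c.isalnum() for c in password):
        failed.append("no non-alphanumeric character")
    # Assumption: history held as plaintext purely for this sketch.
    if opts.check_history and password in previous[:opts.history_depth]:
        failed.append(f"matches one of the previous {opts.history_depth} versions")
    return failed


if __name__ == "__main__":
    # Constructed sample: reversed username, no uppercase, no symbol.
    strict = ValidationOptions(no_username=True, min_length=8, require_upper=True,
                               require_non_alnum=True)
    print(violations("nimda2024", "admin", [], strict))
```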
Specify Password Lifetime Options
In the Password Lifetime Options section, configure:
• The password will require change after n days—Following a change of password, if this option
is enabled, n specifies the number of days before ACS requires a change of password due to
password age (the default value is 30 days). The range is 1 to 365. When checked (enabled), the
"Administrator will be locked after n days" option causes ACS to compare the two password lifetime
options and use the greater value of the two.
• The Administrator will be locked out after n days—Following a change of password, if this
option is enabled, n specifies the number of days before ACS locks out the associated administrator
account due to password age. The default value is 30 days; the range is 1 to 365 days.