Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 38 Configuring AAA Servers and the Local Database
Configuring AAA
Step 2 In the Messages area, add messages in the User accepted message and User rejected message fields.
If the user authentication occurs from Telnet, you can use the User accepted message and User rejected
message options to display different status prompts to indicate that the authentication attempt is accepted
or rejected by the AAA server.
If the AAA server authenticates the user, the ASA displays the User accepted message text, if specified,
to the user; otherwise, the ASA displays the User rejected message text, if specified. Authentication of
HTTP and FTP sessions displays only the challenge text at the prompt. The User accepted message and
User rejected message text are not displayed.
Step 3 Click Apply.
The changes are saved to the running configuration.
Managing User Passwords
The ASA enables administrators with the necessary privileges to modify password policy for users in
the current context.
User passwords have the following guidelines:
• A maximum lifetime of 0 to 65536 days.
• A minimum length of 3 to 64 characters.
• A minimum number of changed characters for updates of 0 to 64 characters.
• They may include lower case characters.
• They may include upper case characters.
• They may include numbers.
• They may include special characters.
To specify password policy for users, perform the following steps:
Step 1 In the ASDM main application window, choose Configuration > Device Management > Users/AAA >
Password Policy.
Enter the minimum length for passwords. Valid values range from 3 to 64 characters. The recommended
minimum password length is 8 characters. If the minimum length is less than the value of any of the other
minimum values (lower case, numeric, special, and upper case), an error message appears and the
minimum length is not changed.
Step 2 Enter the minimum number of changed characters for password updates. Valid values range from 0 to 64
characters. The default value is 0.
Step 3 Enter the password lifetime in days. Valid values range from 0 to 65536 days. A zero value indicates that
there is no minimum password lifetime.
Step 4 Enter the minimum number of lower case characters for passwords. Valid values range from 0 to 64
characters. A zero value indicates there is no minimum number of lower case characters for passwords.
Step 5 Enter the minimum number of upper case characters for passwords. Valid values range from 0 to 64
characters. A zero value indicates there is no minimum number of upper case characters for passwords.
Step 6 Enter the minimum number of special characters for passwords. Valid values range from 0 to 64
characters. Special characters include the following: !, @, #, $, %, ^, &, *, ( and ). A zero value
indicates that there is no minimum number of special characters for passwords.
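The following added example, which is not part of the Cisco guide or of ASDM, audits a set of planned password policy values against the ranges and the minimum-length consistency rule stated above, and then checks a candidate password against the policy. The field names are hypothetical, the 0 to 64 range for the numeric minimum is an assumption (that step is not shown in this section), and character classes are assumed to be ASCII.

```python
import string

SPECIALS = set("!@#$%^&*()")  # special characters listed in Step 6

# Hypothetical field names mapped to the valid ranges stated in this section.
# The min_numeric range is an assumption mirroring the other character classes.
RANGES = {
    "min_length": (3, 64),
    "min_changes": (0, 64),
    "lifetime_days": (0, 65536),
    "min_lower": (0, 64),
    "min_upper": (0, 64),
    "min_special": (0, 64),
    "min_numeric": (0, 64),
}
CLASS_FIELDS = ("min_lower", "min_upper", "min_special", "min_numeric")
RECOMMENDED_MIN_LENGTH = 8  # recommended minimum length from Step 1


def audit_policy(policy):
    """Return (errors, warnings) for a dict of planned policy values."""
    errors, warnings = [], []
    for field, (low, high) in RANGES.items():
        value = policy.get(field, 0)
        if not low <= value <= high:
            errors.append(f"{field}={value} outside {low}..{high}")
    length = policy.get("min_length", 0)
    # Step 1: a minimum length below any per-class minimum is rejected.
    for field in CLASS_FIELDS:
        if length < policy.get(field, 0):
            errors.append(f"min_length={length} is less than {field}")
    if length < RECOMMENDED_MIN_LENGTH:
        warnings.append(f"min_length={length} below recommended 8")
    return errors, warnings


def password_violations(policy, password):
    """List the policy minimums that a candidate password fails to meet."""
    counts = {
        "min_length": len(password),
        "min_lower": sum(c in string.ascii_lowercase for c in password),
        "min_upper": sum(c in string.ascii_uppercase for c in password),
        "min_special": sum(c in SPECIALS for c in password),
        "min_numeric": sum(c in string.digits for c in password),
    }
    return [f for f, have in counts.items() if have < policy.get(f, 0)]
```
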