Enabling user password aging, Configuring password history – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


To enable password masking, enter the following command.

device(config)#enable user password-masking

Syntax: [no] enable user password-masking

Enabling user password aging

For enhanced security, password aging enforces quarterly updates of all user passwords. After 180
days, the CLI will automatically prompt users to change their passwords when they attempt to sign on.

When password aging is enabled, the software records the system time that each user password was
configured or last changed. The time displays in the output of the show running configuration
command, indicated by set-time time.

device#show run

Current configuration:

....

username waldo password .....

username raveen set-time 2086038248

....

The password aging feature uses the NTP server clock to record the set-time. If the network does not
have an NTP server, then set-time will appear as set-time 0 in the output of the show running
configuration command.

A username set-time configuration is removed when:

• The username and password are deleted from the configuration
• The username password expires

When a username set-time configuration is removed, it no longer appears in the show running
configuration output.

Note that if a username does not have an assigned password, the username will not have a set-time
configuration.

Password aging is disabled by default. To enable it, enter the following command at the global
CONFIG level of the CLI.

device(config)#enable user password-aging

Syntax: [no] enable user password-aging

Configuring password history

By default, the Brocade device stores the last five user passwords for each user. When changing a
user password, the user cannot use any of the five previously configured passwords.

For security purposes, you can configure the Brocade device to store up to 15 passwords for each
user, so that users do not use the same password multiple times. If a user attempts to use a password
that is stored, the system will prompt the user to choose a different password.

To configure enhanced password history, enter a command such as the following at the global
CONFIG level of the CLI.

device(config)#enable user password-history 15

Syntax: [no] enable user password-history 1-15
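
The following Python script is an added example, not part of the Brocade guide: it audits saved show run output for the password masking, aging, and history settings described above and flags users whose set-time is 0. The sample configuration is constructed, and the function name and the min_history policy threshold are assumptions.

```python
import re

# Constructed `show run` excerpt for illustration; not captured from a device.
SAMPLE_CONFIG = """\
enable user password-masking
enable user password-history 3
username waldo password .....
username waldo set-time 0
username raveen password .....
username raveen set-time 2086038248
"""

DEFAULT_HISTORY = 5  # the guide's default when no password-history line is present


def audit_password_policy(config, min_history=15):
    """Return a list of (check, detail) findings for a running-config text.

    min_history is the auditor's own policy threshold (assumption); 15 is the
    maximum the guide allows.
    """
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # A missing line is treated as "off" (the guide states this default for aging).
    for feature in ("password-masking", "password-aging"):
        if f"enable user {feature}" not in lines:
            findings.append((feature, "not enabled"))

    history = DEFAULT_HISTORY
    for line in lines:
        m = re.fullmatch(r"enable user password-history (\d+)", line)
        if m:
            history = int(m.group(1))
    if history < min_history:
        findings.append(("password-history", f"{history} stored, policy wants {min_history}"))

    # set-time 0 means no NTP clock was available when the password was set.
    for line in lines:
        m = re.fullmatch(r"username (\S+) (?:.* )?set-time (\d+)", line)
        if m and int(m.group(2)) == 0:
            findings.append((m.group(1), "set-time 0"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_password_policy(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```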


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03
