Managing user passwords, Managing user – Cisco ASA 5505 User Manual


35-25

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Configuring AAA

Examples

The following example assigns a privilege level of 15 to the admin user account:

hostname(config)# username admin password password privilege 15

The following example creates a user account with no password. The nopassword keyword lets the account log in without supplying any password, so do not use it for an account that has management access:

hostname(config)# username user34 nopassword

The following example enables management authorization, creates a user account with a password, enters username attributes configuration mode, and sets the service-type attribute:

hostname(config)# aaa authorization exec authentication-server
hostname(config)# username user1 password gOgeOus
hostname(config)# username user1 attributes
hostname(config-username)# service-type nas-prompt

Managing User Passwords

The ASA lets administrators with the necessary privileges modify the password policy for local users in the current context.

User passwords have the following guidelines:

A maximum lifetime of 0 to 65536 days (0 means the password never expires).

A minimum length of 3 to 64 characters.

A minimum number of characters that must differ between the old and the new password, 0 to 64.

They may include lower case characters.
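The following configuration excerpt is an added example, not part of the Cisco manual page, showing how the guidelines above map onto the password-policy command set (present from ASA 8.4(4.1) onward). The hostname is a placeholder and the hardened values are illustrative choices, not Cisco recommendations; the first block is what the ASA enforces when no password-policy command is configured at all.

```cisco
! Added example, not from the manual page. Values are illustrative.
!
! Weak: the policy in effect when nothing is configured. Passwords never
! expire, may be as short as 3 characters, and a "change" may reuse every
! character of the old password.
password-policy lifetime 0
password-policy minimum-length 3
password-policy minimum-changes 0
password-policy minimum-lowercase 0
!
! Hardened: expire after 90 days, require at least 12 characters, require
! at least 4 characters to differ from the previous password, and require
! at least one lower case character. Each value sits inside the ranges
! given in the guidelines above (0-65536 days, 3-64, 0-64, 0-64).
password-policy lifetime 90
password-policy minimum-length 12
password-policy minimum-changes 4
password-policy minimum-lowercase 1
```

A value outside the documented range (for example, a minimum length of 2) is rejected by the command parser, so the ranges in the guidelines are hard limits rather than advice. The policy applies to the context in which it is configured, and the minimum-changes rule is evaluated when a user replaces an existing password, which is why it is paired with a non-zero lifetime: a lifetime of 0 never forces a change, so minimum-changes would only ever apply to voluntary changes.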

Command                                                     Purpose

Step 4   service-type {admin | nas-prompt | remote-access}

         Example:
         hostname(config-username)# service-type admin

         (Optional) Configures the user level if you configured management authorization in Step 2. The admin keyword allows full access to any services specified by the aaa authentication console LOCAL commands. The admin keyword is the default.

         The nas-prompt keyword allows access to the CLI when you configure the aaa authentication {telnet | ssh | serial} console LOCAL command, but denies ASDM configuration access if you configure the aaa authentication http console LOCAL command. ASDM monitoring access is allowed. If you enable authentication with the aaa authentication enable console LOCAL command, the user cannot access privileged EXEC mode using the enable command (or the login command).

         The remote-access keyword denies management access. The user cannot use any services specified by the aaa authentication console LOCAL commands (excluding the serial keyword; serial access is allowed).

         (Optional) If you are using this username for VPN authentication, you can configure many VPN attributes for the user. For more information, see the “Configuring Attributes for Specific Users” section on page 67-79.
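The following running-configuration excerpt is an added example, not part of the Cisco manual page, that puts the three service-type keywords described above beside the aaa authentication console LOCAL commands that they interact with. User names and the bracketed passwords are placeholders.

```cisco
! Added example, not from the manual page. Names and passwords are placeholders.
!
! Authenticate every management path against the local database.
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
!
! Management authorization (Step 2). Without this line the service-type
! attribute below has no effect and every local user behaves as admin.
aaa authorization exec authentication-server
!
! admin (the default): SSH login, ASDM configuration, and enable all succeed.
username netadmin password <admin-password> privilege 15
username netadmin attributes
 service-type admin
!
! nas-prompt: SSH login succeeds, ASDM is monitoring-only, and because
! "aaa authentication enable console LOCAL" is configured, enable (and
! login) are refused, so the user stays at the unprivileged level.
username helpdesk password <helpdesk-password>
username helpdesk attributes
 service-type nas-prompt
!
! remote-access: intended for VPN users. SSH, ASDM, and enable all refuse
! the login; only the serial console still accepts it.
username vpnuser password <vpn-password>
username vpnuser attributes
 service-type remote-access
```

The point to check when auditing such a configuration is the pairing: a service-type of nas-prompt or remote-access restricts nothing unless the aaa authorization exec command is also present, and the serial console remains reachable for remote-access users, so physical console access needs its own control.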
