Cisco ASA 5505 User Manual

35-26

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Configuring AAA

•

They may include upper case characters.

•

They may include numbers.

•

They may include special characters.

To specify password policy for users, perform the following steps:

Command

Purpose

Step 1

password-policy lifetime

value

Example:

hostname (config)# password-policy lifetime 1000

Sets the password policy for the current context and
the interval in days after which passwords expire.
Valid values are between 0 and 65536 days. The
default value is 0 days.

Step 2

password-policy minimum-changes

value

Example:

hostname(config)# password-policy minimum-changes 4

Sets the minimum number of characters that must be
changed between new and old passwords. Valid
values are between 0 and 64 characters. The default
value is 0.

New passwords must include a minimum of 4
character changes from the current password and are
considered changed only if they do not appear
anywhere in the current password.

Step 3

password-policy minimum-length

value

Example:

hostname(config)# password-policy minimum-length 8

Sets the minimum length of passwords. Valid values
are between 3 and 64 characters. The recommended
minimum password length is 8 characters.

If the minimum length is less than the value of any
of the other minimum values (lowercase, numeric,
special, and uppercase), an error message appears
and the minimum length is not changed.

Step 4

password-policy minimum-lowercase

value

Example:

hostname(config)# password-policy minimum-lowercase

6

Sets the minimum number of lower case characters
that passwords may have. Valid values are between
0 and 64 characters. The default value is 0, which
means there is no minimum.

Step 5

password-policy minimum-numeric

value

Example:

hostname(config)# password-policy minimum-numeric 1

Sets the minimum number of numeric characters
that passwords may have. Valid values are between
0 and 64 characters. The default value is 0, which
means there is no minimum.

Step 6

password-policy minimum-special

value

Example:

hostname(config)# password-policy minimum-special 2

Sets the minimum number of special characters that
passwords may have. Valid values are between 0 and
64 characters. Special characters include the
following: !, @, #, $, %, ^, &, *, '(‘ and ‘)’. The
default value is 0, which means there is no
minimum.