Password Settings Template

Use the Password Settings template to manage password criteria and enforcement for all locally configured appliance users. When new users are created, password validation ensures that enterprise security standards are enforced.

NOTE: You can only apply the Password Settings template to appliances running version 9.6.0 and later.

NOTE: If the enforcePasswordCriteria field on the Orchestrator Advanced Properties is set to true, all properties in the following table are enabled. If the enforcePasswordCriteria field on the Orchestrator Advanced Properties is set to false, this template will not be applied.

WARNING: The Password Settings template enables password enforcement and user inactivity controls on appliances. You cannot disable password enforcement on the appliance after this template is applied.

| Field | Description |
| --- | --- |
| Password Minimum Length | Minimum number of characters for the password. Allowable range: 8-64. The default is 8. |
| Use Lowercase Letter in Password | Select this check box to require a lowercase letter in the password. |
| Use Uppercase Letter in Password | Select this check box to require an uppercase letter in the password. |
| Use Digit in Password | Select this check box to require a number in the password. |
| Use Special Symbol in Password | Select this check box to require a special symbol in the password. |
| Password Expire Days | Number of days before the password expires. Allowable range: 30-360. The default is 90. |
| Notify Password Expiry Days | Number of days before the password expires to notify the user of the upcoming expiration. The user is notified via a popup. Allowable range: 5-30. The default is 7. |
| Password History Count | Number of previous passwords to store for the user to ensure passwords are not repeated. Allowable range: 4-8. The default is 8. |
| User Inactive Days | Number of inactive days after which the user account is automatically deleted. Allowable range: 30-360. Enter 0 to disable automatic user account deletion. The default is 0. The only exception to this policy is that the user “admin” will never be deleted. |
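
A pre-flight check for a proposed set of template values, as an added example that is not part of the product documentation: it validates each numeric field against the allowable ranges in the table (including the 0 special case for User Inactive Days) and tests a candidate password against the selected character-class criteria. The dictionary key names and the treatment of "special symbol" as ASCII punctuation are assumptions, not Orchestrator field names.

```python
import string

# Allowable ranges from the table above (inclusive). Key names are hypothetical.
RANGES = {
    "min_length": (8, 64),
    "expire_days": (30, 360),
    "notify_expiry_days": (5, 30),
    "history_count": (4, 8),
    "inactive_days": (30, 360),  # 0 is also valid: disables automatic deletion
}

# Assumption: the page does not define the special-symbol set; ASCII punctuation is used.
SPECIAL = set(string.punctuation)


def validate_settings(cfg):
    """Return a list of problems found in a proposed template configuration."""
    problems = []
    for key, (lo, hi) in RANGES.items():
        value = cfg.get(key)
        if key == "inactive_days" and value == 0:
            continue  # documented way to turn off inactive-account deletion
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not lo <= value <= hi:
            problems.append(f"{key}={value!r} is outside {lo}-{hi}")
    return problems


def check_password(password, cfg):
    """Return the names of the enabled criteria that the password fails."""
    tests = {
        "require_lower": any(c.islower() for c in password),
        "require_upper": any(c.isupper() for c in password),
        "require_digit": any(c.isdigit() for c in password),
        "require_special": any(c in SPECIAL for c in password),
    }
    failures = [name for name, ok in tests.items() if cfg.get(name) and not ok]
    if len(password) < cfg["min_length"]:
        failures.append("min_length")
    return failures
```
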

Use the following CLI commands to set the threshold on the number of failed password attempts and the lockout duration if the number of failed password attempts is exceeded for appliance users:

aaa auth-failure deny n
    where n is the threshold number of failed attempts

aaa auth-failure unlock-time n
    where n is the number of seconds that the account will be locked