5-6 User Account and Password Management
guest read-only enabled 0 0 no 00:00 24:00 mon tue wed
Password Management Overview
Individual user account passwords are configured with the set password command. Configured
passwords are transmitted and stored in a one-way encrypted form, using a FIPS 140-2 compliant
algorithm.
When passwords are entered on the switch using the CLI, the switch automatically suppresses the
clear text representation of the password. In addition, the switch ensures that passwords are not
available in clear text to any user, including administrators.
The switch ensures that the password does not contain, repeat, or reverse the associated
username.
All password changes are logged by the switch.
System Level Password Settings
At the system level, you can configure password requirements with the set system password
command. Among other characteristics, the set system password command allows you to
configure password length, repetition, character usage, password sharing, and aging.
The following list describes in detail the system level password requirements that can be
configured:
• Whether the switch maintains and verifies a password history (from 0 to 10) per account (set
system password history). The previously used passwords for a user account stored in the
password history are checked for duplication when a new password is configured for that
account with the set password command.
• Whether the switch enforces a minimum waiting period before an existing password can be
updated (set system password change-frequency). An exception to this requirement is the
first-time update, which, if configured, requires a new user logging in for the first time to
change their password (set system password change-first-login).
– A password change-frequency interval of zero means there is no restriction on the
frequency of password changes.
– A configured minimum change-frequency interval applies only to users without
super-user privileges attempting to change their own passwords. Users with super-user
privileges may change their passwords at any time.
• Whether the switch allows multiple accounts to share the same password (set system
password allow-duplicates).
• Whether the switch enforces a minimum number of characters required for passwords (set
system password length).
• Whether the switch allows the same character to appear consecutively in the same password
(set system password allow-repeatingchars).
• Whether the switch enforces a configurable minimum number of characters of a specific type
that must be present in a user account password (set system password min-requiredchars).
The following types are supported:
– Upper case characters (default 0)
– Lower case characters (default 0)
– Numeric characters (default 0)
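The checks described above can be modeled offline to see which rules a candidate password would break under a planned policy. The following Python is an added example, not switch firmware or vendor code; the Policy field names and their values, the case-insensitive username match, and PBKDF2-HMAC-SHA256 as the one-way function are assumptions.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

@dataclass
class Policy:                      # hypothetical names, one per "set system password" setting
    length: int = 8
    allow_repeating_chars: bool = False
    min_upper: int = 1
    min_lower: int = 1
    min_numeric: int = 1
    history: int = 3               # the page allows 0 to 10 entries per account

def digest(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the switch's unspecified algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password, policy):
    """Store only a salted digest and trim the history to the configured depth."""
    salt = os.urandom(16)
    history.append((salt, digest(password, salt)))
    history[:] = history[-policy.history:] if policy.history else []

def violations(policy, username, candidate, history=()):
    """Return the names of the rules that the candidate password breaks."""
    broken = []
    u, p = username.lower(), candidate.lower()   # assumption: case-insensitive comparison
    if u and (u in p or u[::-1] in p):           # contains (hence repeats) or reverses it
        broken.append("username")
    if len(candidate) < policy.length:
        broken.append("length")
    if not policy.allow_repeating_chars and re.search(r"(.)\1", candidate):
        broken.append("allow-repeatingchars")
    classes = (("upper", str.isupper, policy.min_upper),
               ("lower", str.islower, policy.min_lower),
               ("numeric", str.isdigit, policy.min_numeric))
    for name, test, minimum in classes:
        if sum(map(test, candidate)) < minimum:
            broken.append("min-requiredchars " + name)
    if any(hmac.compare_digest(digest(candidate, s), d) for s, d in history):
        broken.append("history")
    return broken

if __name__ == "__main__":
    stored = []                                  # constructed sample history
    remember(stored, "Winter2024x", Policy())
    print(violations(Policy(), "guest", "Winter2024x", stored))
```

The history holds salted digests rather than passwords, so the duplicate check works without any clear-text copy being kept.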