| Step | Command | Purpose |
|---|---|---|
| Step 1 | `password-policy lifetime days` Example: `ciscoasa(config)# password-policy lifetime 180` | (Optional) Sets the interval in days after which passwords expire for remote users (SSH, Telnet, HTTP); users at the console port are never locked out due to password expiration. Valid values are between 0 and 65536 days. The default value is 0 days, a value indicating that passwords will never expire. 7 days before the password expires, a warning message appears. After the password expires, system access is denied to remote users. To gain access after expiration, do one of the following: have another administrator change your password with the `username` command, or log in to the physical console port to change your password. |
| Step 2 | `password-policy minimum-changes value` Example: `ciscoasa(config)# password-policy minimum-changes 2` | (Optional) Sets the minimum number of characters that you must change between new and old passwords. Valid values are between 0 and 64 characters. The default value is 0. Character matching is position independent, meaning that new password characters are considered changed only if they do not appear anywhere in the current password. |
| Step 3 | `password-policy minimum-length value` Example: `ciscoasa(config)# password-policy minimum-length 8` | (Optional) Sets the minimum length of passwords. Valid values are between 3 and 64 characters. We recommend a minimum password length of 8 characters. |
| Step 4 | `password-policy minimum-uppercase value` Example: `ciscoasa(config)# password-policy minimum-uppercase 3` | (Optional) Sets the minimum number of uppercase characters that passwords must have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum. |
| Step 5 | `password-policy minimum-lowercase value` Example: `ciscoasa(config)# password-policy minimum-lowercase 6` | (Optional) Sets the minimum number of lowercase characters that passwords must have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum. |
| Step 6 | `password-policy minimum-numeric value` Example: `ciscoasa(config)# password-policy minimum-numeric 1` | (Optional) Sets the minimum number of numeric characters that passwords must have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum. |
| Step 7 | `password-policy minimum-special value` Example: `ciscoasa(config)# password-policy minimum-special 2` | (Optional) Sets the minimum number of special characters that passwords must have. Valid values are between 0 and 64 characters. Special characters include the following: !, @, #, $, %, ^, &, *, '(' and ')'. The default value is 0, which means there is no minimum. |
| Step 8 | `password-policy authenticate enable` Example: `ciscoasa(config)# password-policy authenticate enable` | (Optional) Sets whether users must change their password using the `change-password` command, instead of letting users change their password with the `username` command. The default setting is disabled: a user can use either method to change their password. If you enable this feature and then try to change your password with the `username` command, the following error message appears: `ERROR: Changing your own password is prohibited` You also cannot delete your own account with the `clear configure username` command. If you try, the following error message appears: `ERROR: You cannot delete all usernames because you are not allowed to delete yourself` |
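
The position-independent matching in Step 2 is easy to misread, so the following added example (not Cisco code and not part of the original table) parses the `password-policy minimum-*` lines from configuration text and checks a candidate password against them. The function names, the sample configuration and the fallback of 3 for `minimum-length` are assumptions made for illustration.

```python
import re
import string

# Defaults follow the table above. The page gives no default for
# minimum-length, so its lowest valid value (3) is assumed here.
DEFAULTS = {"minimum-changes": 0, "minimum-length": 3, "minimum-uppercase": 0,
            "minimum-lowercase": 0, "minimum-numeric": 0, "minimum-special": 0}
SPECIALS = set("!@#$%^&*()")  # special characters listed in Step 7
LINE_RE = re.compile(r"^\s*password-policy\s+(minimum-[a-z]+)\s+(\d+)\s*$")

# Constructed sample: the example values from Steps 1-8 as config lines.
SAMPLE_CONFIG = """\
password-policy lifetime 180
password-policy minimum-changes 2
password-policy minimum-length 8
password-policy minimum-uppercase 3
password-policy minimum-lowercase 6
password-policy minimum-numeric 1
password-policy minimum-special 2
password-policy authenticate enable
"""

def parse_policy(config_text):
    """Collect the password-policy minimum-* settings from config text."""
    policy = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in policy:
            policy[m.group(1)] = int(m.group(2))
    return policy

def changed_chars(old, new):
    """Step 2 rule: a new-password character counts as changed only if it
    appears nowhere in the old password (position independent).
    Assumption: each such occurrence is counted, repeats included."""
    old_set = set(old)
    return sum(1 for ch in new if ch not in old_set)

def violations(policy, new, old=""):
    """Return the policy keywords that the candidate password fails."""
    have = {"minimum-changes": changed_chars(old, new),
            "minimum-length": len(new),
            "minimum-uppercase": sum(c in string.ascii_uppercase for c in new),
            "minimum-lowercase": sum(c in string.ascii_lowercase for c in new),
            "minimum-numeric": sum(c in string.digits for c in new),
            "minimum-special": sum(c in SPECIALS for c in new)}
    return [key for key, need in policy.items() if have[key] < need]
```

Reordering the characters of the old password yields a change count of 0, so a rotated or reversed password fails any non-zero `minimum-changes` setting.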