Configuring Password Management Parameters

Configuring password management parameters consists of defining aging, the authentication order and authentication methods, password length and complexity, as well as the number of attempts a user can make to enter a password.

Depending on the authentication requirements, password parameters are configured locally or on the RADIUS or TACACS+ server.

Use the following CLI commands to configure password support:

CLI Syntax:
config>system>security
    password
        admin-password password [hash | hash2]
        aging days
        attempts count [time minutes1] [lockout minutes2]
        authentication-order [method-1] [method-2] [method-3] [exit-on-reject]
        complexity [numeric] [special-character] [mixed-case] 
        health-check
        minimum-length value

The following displays an example of the password command usage.

Example:
config>system>security#password 
security>password# aging 365
security>password# minimum-length 8
security>password# attempts 5 time 5 lockout 20
security>password# authentication-order radius tacplus
local

The following example displays the password configuration:

ALU-1>config>system>security# info
----------------------------------------------
    password
    authentication-order radius tacplus local
        aging 365
        minimum-length 8
        attempts 5 time 5 lockout 20
    exit
----------------------------------------------
ALU-1>config>system>security#
Parent topic: Security Configuration Procedures