beautypg.com

Enabling strict password enforcement, Regular password rules – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 40

background image

22

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Enabling strict password enforcement

1

NOTE

You must be logged on with Super User access (privilege level 0) to add user accounts or configure
other access parameters.

To display user account information, enter the following command.

Brocade(config)# show users

Syntax: show users

Note about changing local user passwords

The Brocade device stores not only the current password configured for a local user, but the
previous two passwords configured for the user as well. The local user's password cannot be
changed to one of the stored passwords.

Consequently, if you change the password for a local user, you must select a password that is
different from the current password, as well as different from the previous two passwords that had
been configured for that user.

For example, say local user waldo originally had a password of “whereis”, and the password was
subsequently changed to “whois”, then later changed to “whyis”. If you change waldo's password
again, you cannot change it to “whereis”, “whois”, or “whyis”.

The current and previous passwords are stored in the device’s running configuration file in
encrypted form.

Example

Brocade# show run

...

username waldo password 8 $1$Ro2..Ox0$udBu7pQT5XyuaXMUiUHy9. history

$1$eq...T62$IfpxIcxnDWX7CSVQKIodu. $1$QD3..2Q0$DYxgxCI64ZOSsYmSSaA28/

...

In the running configuration file, the user’s previous two passwords are displayed in encrypted form
following the history parameter.

Enabling strict password enforcement

Additional security to the local username and password by configuring the enable
strict-password-enforcement CLI command. Note the rules for passwords if the strict password is
disabled and when it is enabled.

Regular password rules

The following rules apply to passwords unless the enable strict-password-enforcement command is
executed:

A minimum of one character is required to create a password.

The last 3 passwords are stored in the CLI.

No password expiration.

Users are not locked out (disabled) after failed login attempts.

See also other documents in the category Brocade Computer Accessories: