Configuring the strict password rules, Strict password rules – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

Enabling strict password enforcement

Strict password rules

NOTE

If enable strict-password-enforcement is enabled, when a user is logged in and is attempting to
change their own user password, the following prompt is displayed: Enter old password. After
validating the old password, the following prompt is displayed: Enter new password.

Rules for passwords are different when strict password enforcement is used. By default, the
following rules apply when the enable strict-password-enforcement command is executed:

Users are required to accept the message of the day (enabled).

In addition to the rule above, the following rules can be enabled:

The device can store the last 15 passwords in the CLI.

Passwords can be set to expire.

Password grace login attempts can be configured by the administrator.

The password expiration early warning period can be configured by the administrator.

Passwords are masked during password creation.

Passwords may not share four or more concurrent characters with any other password
configured on the device.

Passwords that were previously configured for a user can be rejected.

When you create an enable and a user password, you must enter a minimum of eight characters
containing the following combinations:

At least two upper case characters

At least two lower case characters

At least two numeric characters

At least two special characters

NOTE

Password minimum and combination requirements are strictly enforced.

Configuring the strict password rules

Use the enable strict-password-enforcement command to enable the strict password enforcement
feature. Enter a command such as the following.

Brocade(config)# enable strict-password-enforcement

Syntax: [no] enable strict-password-enforcement

This feature is disabled by default.

When enabled, the system verifies uniqueness against the history of passwords of the user whose
password is being set. Passwords must not share four or more concurrent characters with any
other password configured for that user on the device. If the user tries to create a password that
shares four or more concurrent characters with another password for that user, the following error
message is returned:

Error - The substring within the password has been used earlier, please choose a different password.
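
The following is an added example, not code from Brocade or from this guide: a Python pre-check that applies the composition rules and the per-user substring rule described above to a candidate password before it is entered on the device. It assumes that "four or more concurrent characters" means a shared run of four consecutive characters, that the comparison is case-sensitive, and that a special character is any character that is not an ASCII letter or digit; the function names and the sample passwords are constructed for illustration.

```python
import string

MIN_LENGTH = 8      # guide: minimum of eight characters
MIN_PER_CLASS = 2   # guide: at least two characters of each class
SHARED_RUN = 4      # guide: four or more shared characters are rejected


def class_counts(password):
    """Count characters per class. 'special' = not an ASCII letter or digit (assumption)."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts


def shared_run(candidate, previous, n=SHARED_RUN):
    """Return the first n-character run of candidate that also occurs in previous, else None."""
    for i in range(len(candidate) - n + 1):
        chunk = candidate[i:i + n]
        if chunk in previous:  # case-sensitive comparison (assumption)
            return chunk
    return None


def check_password(candidate, history):
    """Return the list of violated rules; an empty list means the candidate passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("length")
    for name, count in class_counts(candidate).items():
        if count < MIN_PER_CLASS:
            problems.append(name)
    # Per-user history check: any shared run of SHARED_RUN characters is a violation.
    if any(shared_run(candidate, old) for old in history):
        problems.append("history")
    return problems


if __name__ == "__main__":
    history = ["WInter##2023"]  # constructed sample; plaintext only for illustration
    for pw in ("SPring!!42ab", "WInter##2024", "abc1!"):
        print(pw, check_password(pw, history) or "ok")
```

A candidate that reports "history" here is one the device would be expected to reject with the error message shown above.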