Filter
Top Products
4-31
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 4 Setting Up the Sensor
Configuring Authentication and User Parameters
Example
For example, you can set a policy where passwords must have at least 10 characters and no more than
40, and must have a minimum of 2 upper case and 2 numeric characters. Once that policy is set, every
password configured for each user account must conform to this password policy.
To set up a password policy, follow these steps:
Step 1 Log in to the sensor using an account with administrator privileges.
Step 2 Enter password strength authentication submode.
sensor# configure terminal
sensor(config)# service authentication
sensor(config-aut)# password-strength
Step 3 Set the minimum number of numeric digits that must be in a password. The range is 0 to 64.
sensor(config-aut-pas)# digits-min 6
Step 4 Set the minimum number of nonalphanumeric printable characters that must be in a password. The range
is 0 to 64.
sensor(config-aut-pas)# other-min 3
Step 5 Set the minimum number of uppercase alphabet characters that must be in a password. The range is 0 to
64.
sensor(config-aut-pas)# uppercase-min 3
Step 6 Set the minimum number of lower-case alphabet characters that must be in a password.
sensor(config-aut-pas)# lowercase-min 3
Step 7 Set the number of old passwords to remember for each account. A new password cannot match any of
the old passwords of an account.
sensor(config-aut-pas)# number-old-passwords 3
Step 8 Check your new setting.
sensor(config-aut-pas)# show settings
password-strength
-----------------------------------------------
size: 8-64 <defaulted>
digits-min: 6 default: 0
uppercase-min: 3 default: 0
lowercase-min: 3 default: 0
other-min: 3 default: 0
number-old-passwords: 3 default: 0
-----------------------------------------------
sensor(config-aut-pas)#
For More Information
For the procedures for recovering sensor passwords, see Recovering the Password, page 17-2.