
Configure Password Complexity (password-policy) with Content Analysis Command Line Interface (CLI)


Article ID: 174401


Products

Content Analysis Software - CA

Issue/Introduction

Configure password rules for local users. For example, a password can be required to contain at least one uppercase letter, one number, and one special character. By default, these rules are not configured and user passwords do not have restrictions enforced.

This article describes how to configure password complexity (password-policy) in Content Analysis Command Line Interface (CLI) enable mode.

Resolution

Syntax

(config)# password-policy ?

min-digits - Set the minimum number of digits required in a password. Range: 0-255. By setting this rule to 0 (the default), numbers are not required in a password.

min-groups - Set the minimum number of password rules (min-digits, min-lowercase, min-special, min-uppercase) that must be met. Range: 0-4. By setting this rule to 0 (the default), the password does not have to meet a minimum number of rules. For example, if min-digits and min-special rules are set, set min-groups to 2. Note: min-length is not counted as a rule for the purposes of the min-groups command.

min-length - Set the minimum number of characters required in a password. Range: 0-255. By setting this rule to 0 (the default), the password can have any length.

min-lowercase - Set the minimum number of lowercase letters required in a password. Range: 0-255. By setting this rule to 0 (the default), lowercase letters are not required in a password.

min-special - Set the minimum number of special characters (symbols) required in a password. Range: 0-255. By setting this rule to 0 (the default), special characters are not required in a password.

min-uppercase - Set the minimum number of uppercase letters contained in a password. Range: 0-255. By setting this rule to 0 (the default), uppercase letters are not required in a password.

prohibit-common-words builtin - Don't allow common dictionary words to be specified in passwords.

prohibit-whitespace true | false - Enable/disable rejection of white space in passwords. Default=false.

Notes

· The sub-commands listed above can be entered either in password-policy configuration mode (at the config-password-policy prompt) or in configuration mode (at the config prompt).

· Use the show password-policy-configuration command to display the password policy settings.

· To remove a rule, type no before the rule command. For example: no min-lowercase

· If multiple password policy rules are configured but the min-groups command is not configured, the rules will not take effect; only the min-length rule will be enforced.

Examples

To require a password to have at least 8 characters, and have at least one number, one symbol, and one uppercase letter, set the following rules:

(config)# password-policy

(config-password-policy)# min-length 8

(config-password-policy)# min-digits 1

(config-password-policy)# min-special 1

(config-password-policy)# min-uppercase 1

(config-password-policy)# min-groups 3

(config)# show password-policy-configuration

min-uppercase: 1

min-groups: 3

prohibit-whitespace: false

min-special: 1

min-digits: 1

min-length: 8

min-lowercase: 0

prohibit-common-words: No dictionary defined

After these rules are configured and a user tries to specify "test" for the user password, the following message will appear:

(config local-user-list john_jones)# password test

Please enter a valid password.

Password must contain at least 1 uppercase character.

Password must contain at least 1 special character.

Password must contain at least 1 digit character.

Password matches 0 of 3 character rules, but 3 are required.

Password must be at least 8 characters in length.
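
The note on min-groups above is easy to miss during a review, so the following added example (not Broadcom's code and not part of the original article) audits captured `show password-policy-configuration` output for it. The function names and finding texts are assumptions made for this example; the first sample is the output shown above and the second is constructed.

```python
# Added example: audits captured `show password-policy-configuration` output.
CHAR_RULES = ("min-digits", "min-lowercase", "min-special", "min-uppercase")

# Output exactly as shown in the article's example.
ARTICLE_OUTPUT = """\
min-uppercase: 1
min-groups: 3
prohibit-whitespace: false
min-special: 1
min-digits: 1
min-length: 8
min-lowercase: 0
prohibit-common-words: No dictionary defined
"""

# Constructed sample: same rules, but min-groups left at its default of 0.
CONSTRUCTED_OUTPUT = ARTICLE_OUTPUT.replace("min-groups: 3", "min-groups: 0")

def parse_policy(text):
    """Parse 'key: value' lines; numeric values become int, others stay str."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            value = value.strip()
            policy[key.strip()] = int(value) if value.isdigit() else value
    return policy

def audit_policy(policy):
    """Return findings derived from the rule semantics the article states."""
    def num(key):
        value = policy.get(key, 0)
        return value if isinstance(value, int) else 0
    findings = []
    configured = [rule for rule in CHAR_RULES if num(rule) > 0]
    groups = num("min-groups")
    if num("min-length") == 0:
        findings.append("min-length is 0: passwords can have any length")
    if configured and groups == 0:
        findings.append("min-groups is 0: %s will not take effect"
                        % ", ".join(configured))
    elif 0 < groups < len(configured):
        findings.append("min-groups is %d but %d rules are set: not all must be met"
                        % (groups, len(configured)))
    if policy.get("prohibit-common-words") == "No dictionary defined":
        findings.append("prohibit-common-words: no dictionary defined")
    return findings
```

Calling `audit_policy(parse_policy(CONSTRUCTED_OUTPUT))` reports the unenforced character rules, while the article's own configuration yields only the dictionary finding.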