I need to set the following password policies for accounts on ACS, where do I go to configure these? 1. password min 8 char 2.password alphanumeric 3. do not allow last 4 password, 4. after x unsuccessful logins, lock account for 5 minutes. On item #4, I know how to lock the account after x, unsuccessful logins. It's the "re-enable account after 5 minutes" that I'm having a hard time with.
ACS system configuration--->Local password management.
Our options are,
Password Validation Options
* Password length between X and Y characters. Type the minimum and maximum number of characters that you want to require for the user's password, or leave the numbers set to the default of 4 and 32 characters.
* Password may not contain the username. Select this check box to require that the user's password does not contain the username anywhere within it.
* Password is different from the previous value. Select this check box to require the user's new password to be different from the previous password.
* Password must be alphanumeric. Select this check box to require the user's password to contain both letters and numbers
Option 4> "re-enable account after 5 minutes" in not available.
Ah...excellent. With all of the security compliance going around these days it would seem that a top priority would be extending the password requirements to include the full set of features I initially was asking about. Do you know if any of these is on the Dev road map for ACS and if so, an approximate date we'll see these features in the product?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...