Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MSE turning off password audits for root

Seting up  7.4.100 VM MSE via ./setup.sh and can not figure out how to turn off enforcement of strong passwords, like length and characeter class requirements for userid 'root'. Tried changing the audit parms and the minimun length is disabled, but no luck. any body got a suggestions?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Re: MSE turning off password audits for root

Hi Bruce,

Did you try to change the root password, once you disabled the strong password & acceptable pw length checking disabled. I have done that first & then change the root password to Cisco123 as shown below.

Try it & see.

[root@msedev ~]# /opt/mse/setup/setup.sh

--------------------------------------------------------------

Welcome to the Cisco Mobility Services Engine appliance setup.

You may exit the setup at any time by typing

--------------------------------------------------------------

Would you like to configure MSE using menu options (yes/no): yes

--------------------------------------------------------------

Configure MSE:

1) Display current configuration      13) Audit rules

2) Hostname *                         14) Login banner

3) Domain                             15) System control restrictions

4) High availability role             16) SSH root access

5) Network interface eth0 settings *  17) Single user password check

6) Network interface eth1 settings    18) Root password *

7) DNS settings                       19) Login and password settings

8) Timezone settings *                20) GRUB password

9) Future restart time                21) NCS communication username *

10) Remote syslog settings             22) NCS communication password *

11) Firewall settings                  23) ## Verify and apply changes ##

12) NTP settings

Please enter your choice [1 - 23]:      19

Login and password strength related parameter setup

Maximum number of days a password may be used : 99999

Minimum number of days allowed between password changes : 0

Minimum acceptable password length : disabled

Login delay after failed login : 5

Checking for strong passwords is currently disabled.

These settings will not take effect until after setup completes.

Configure MSE:

1) Display current configuration      13) Audit rules

2) Hostname *                         14) Login banner

3) Domain                             15) System control restrictions

4) High availability role             16) SSH root access

5) Network interface eth0 settings *  17) Single user password check

6) Network interface eth1 settings    18) Root password *

7) DNS settings                       19) Login and password settings

8) Timezone settings *                20) GRUB password

9) Future restart time                21) NCS communication username *

10) Remote syslog settings             22) NCS communication password *

11) Firewall settings                  23) ## Verify and apply changes ##

12) NTP settings

Please enter your choice [1 - 23]:23

Please verify the following setup information.

-----------------------------BEGIN----------------------------

    Password/Login parameters :

        Password min length = 14

        Password min days   = 0

        Password max days   = 99999

        Failed login delay  = 5

        Strong password checking = no

------------------------------END-----------------------------

You may enter "yes" to proceed with configuration, "no" to make

more changes.

Configuration Changed

Is the above information correct (yes or no): yes

--------------------------------------------------------------

Checking mandatory configuration information...

Mandatory parameters (Hostname, Network interface eth0,

Timezone, Root password, NCS username and NCS password)

have all been configured

--------------------------------------------------------------

Setup will now attempt to apply the configuration.

Setting password/login parameters....

Restarting network services with new settings.

Shutting down interface eth0:  [  OK  ]

Shutting down loopback interface:  [  OK  ]

Bringing up loopback interface:  [  OK  ]

Bringing up interface eth0:  [  OK  ]

***Configuration successful***

Restarting MSE framework service.

Stopping MSE Platform

.

MSE platform shutdown complete

Starting MSE Platform 

.

.


[root@msedev ~]# /opt/mse/setup/setup.sh

Please enter your choice [1 - 23]:      18

Root password is currently configured

Configure root password? (Y)es/(S)kip/(U)se default [Skip]: yes

Changing password for user root.

You can now choose the new password.

A valid password should be a mix of upper and lower case letters,

digits, and other characters.  You can use a 14 character long

password with characters from all of these classes.  An upper

case letter that begins the password and a digit that ends it do

not count towards the number of character classes used.

Enter new password: Cisco123

Weak password: too short.

Re-type new password:Cisco123

passwd: all authentication tokens updated successfully.

Please enter your choice [1 - 23]:      23

Please verify the following setup information.

-----------------------------BEGIN----------------------------

    Password/Login parameters :

        Password min length = 14

        Password min days   = 0

        Password max days   = 99999

        Failed login delay  = 5

        Strong password checking = no

    Root password is changed.

------------------------------END-----------------------------

You may enter "yes" to proceed with configuration, "no" to make

more changes.

Configuration Changed

Is the above information correct (yes or no): yes

HTH

Rasika

**** Pls rate all useful responses ****

2 REPLIES
VIP Purple

Re: MSE turning off password audits for root

Hi Bruce,

Did you try to change the root password, once you disabled the strong password & acceptable pw length checking disabled. I have done that first & then change the root password to Cisco123 as shown below.

Try it & see.

[root@msedev ~]# /opt/mse/setup/setup.sh

--------------------------------------------------------------

Welcome to the Cisco Mobility Services Engine appliance setup.

You may exit the setup at any time by typing

--------------------------------------------------------------

Would you like to configure MSE using menu options (yes/no): yes

--------------------------------------------------------------

Configure MSE:

1) Display current configuration      13) Audit rules

2) Hostname *                         14) Login banner

3) Domain                             15) System control restrictions

4) High availability role             16) SSH root access

5) Network interface eth0 settings *  17) Single user password check

6) Network interface eth1 settings    18) Root password *

7) DNS settings                       19) Login and password settings

8) Timezone settings *                20) GRUB password

9) Future restart time                21) NCS communication username *

10) Remote syslog settings             22) NCS communication password *

11) Firewall settings                  23) ## Verify and apply changes ##

12) NTP settings

Please enter your choice [1 - 23]:      19

Login and password strength related parameter setup

Maximum number of days a password may be used : 99999

Minimum number of days allowed between password changes : 0

Minimum acceptable password length : disabled

Login delay after failed login : 5

Checking for strong passwords is currently disabled.

These settings will not take effect until after setup completes.

Configure MSE:

1) Display current configuration      13) Audit rules

2) Hostname *                         14) Login banner

3) Domain                             15) System control restrictions

4) High availability role             16) SSH root access

5) Network interface eth0 settings *  17) Single user password check

6) Network interface eth1 settings    18) Root password *

7) DNS settings                       19) Login and password settings

8) Timezone settings *                20) GRUB password

9) Future restart time                21) NCS communication username *

10) Remote syslog settings             22) NCS communication password *

11) Firewall settings                  23) ## Verify and apply changes ##

12) NTP settings

Please enter your choice [1 - 23]:23

Please verify the following setup information.

-----------------------------BEGIN----------------------------

    Password/Login parameters :

        Password min length = 14

        Password min days   = 0

        Password max days   = 99999

        Failed login delay  = 5

        Strong password checking = no

------------------------------END-----------------------------

You may enter "yes" to proceed with configuration, "no" to make

more changes.

Configuration Changed

Is the above information correct (yes or no): yes

--------------------------------------------------------------

Checking mandatory configuration information...

Mandatory parameters (Hostname, Network interface eth0,

Timezone, Root password, NCS username and NCS password)

have all been configured

--------------------------------------------------------------

Setup will now attempt to apply the configuration.

Setting password/login parameters....

Restarting network services with new settings.

Shutting down interface eth0:  [  OK  ]

Shutting down loopback interface:  [  OK  ]

Bringing up loopback interface:  [  OK  ]

Bringing up interface eth0:  [  OK  ]

***Configuration successful***

Restarting MSE framework service.

Stopping MSE Platform

.

MSE platform shutdown complete

Starting MSE Platform 

.

.


[root@msedev ~]# /opt/mse/setup/setup.sh

Please enter your choice [1 - 23]:      18

Root password is currently configured

Configure root password? (Y)es/(S)kip/(U)se default [Skip]: yes

Changing password for user root.

You can now choose the new password.

A valid password should be a mix of upper and lower case letters,

digits, and other characters.  You can use a 14 character long

password with characters from all of these classes.  An upper

case letter that begins the password and a digit that ends it do

not count towards the number of character classes used.

Enter new password: Cisco123

Weak password: too short.

Re-type new password:Cisco123

passwd: all authentication tokens updated successfully.

Please enter your choice [1 - 23]:      23

Please verify the following setup information.

-----------------------------BEGIN----------------------------

    Password/Login parameters :

        Password min length = 14

        Password min days   = 0

        Password max days   = 99999

        Failed login delay  = 5

        Strong password checking = no

    Root password is changed.

------------------------------END-----------------------------

You may enter "yes" to proceed with configuration, "no" to make

more changes.

Configuration Changed

Is the above information correct (yes or no): yes

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Re: MSE turning off password audits for root

I assumed the "weak password" message indicated it wasn't taken. Thanks

592
Views
5
Helpful
2
Replies
CreatePlease to create content