Hi,
Additionally if you use local-database then you can do this much with limited options.
Managing User Passwords
The ASA enables administrators with the necessary privileges to modify password policy for users in the current context.
User passwords have the following guidelines:
•
A maximum lifetime of 0 to 65536 days.
•A minimum length of 3 to 64 characters.
•A minimum number of changed characters for updates of 0 to 64 characters.
•They may include lower case characters.
•They may include upper case characters.
•They may include numbers.
•They may include special characters.
To specify password policy for users, perform the following steps:
| |
Command |
Purpose |
|---|
|
Step 1 |
password-policy lifetime value
Example:
hostname (config)# password-policy lifetime 1000 |
Sets the password policy for the current context and the interval in days after which passwords expire. Valid values are between 0 and 65536 days. The default value is 0 days. |
|
Step 2 |
password-policy minimum-changes value
Example:
hostname(config)# password-policy minimum-changes 4 |
Sets the minimum number of characters that must be changed between new and old passwords. Valid values are between 0 and 64 characters. The default value is 0.
New passwords must include a minimum of 4 character changes from the current password and are considered changed only if they do not appear anywhere in the current password. |
|
Step 3 |
password-policy minimum-length value
Example:
hostname(config)# password-policy minimum-length 8 |
Sets the minimum length of passwords. Valid values are between 3 and 64 characters. The recommended minimum password length is 8 characters.
If the minimum length is less than the value of any of the other minimum values (lowercase, numeric, special, and uppercase), an error message appears and the minimum length is not changed. |
|
Step 4 |
password-policy minimum-lowercase value
Example:
hostname(config)# password-policy minimum-lowercase 6 |
Sets the minimum number of lower case characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum. |
|
Step 5 |
password-policy minimum-numeric value
Example:
hostname(config)# password-policy minimum-numeric 1 |
Sets the minimum number of numeric characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum. |
|
Step 6 |
password-policy minimum-special value
Example:
hostname(config)# password-policy minimum-special 2 |
Sets the minimum number of special characters that passwords may have. Valid values are between 0 and 64 characters. Special characters include the following: !, @, #, $, %, ^, &, *, '(` and `)'. The default value is 0, which means there is no minimum. |
|
Step 7 |
password-policy minimum-uppercase value
Example:
hostname(config)# password-policy minimum-uppercase 3 |
Sets the minimum number of upper case characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum. |
|
Step 8 |
password-policy authenticate enable
Example:
hostname(config)# password-policy authenticate
enable
|
(Optional) Determines whether or not users are allowed to modify their own user account.
If authentication is enabled, users cannot change their own password or delete their own account with the username command or with the clear configure username command. |
Regards
Karthik
