Configuration Mode Commands : System Administration Commands : Account Control Management Commands : authentication policy password
  
authentication policy password
Configures the authentication policy password settings for account control.
Syntax
[no] authentication policy password {change-days <days> | dictionary enable | difference <count>| expire <days> [warn <days>] | length <length> | lock <days> | lower-case <count> | numeric <count> | repeat <count> | reuse-interval <count> | special <count> | upper-case <count>}
Parameters
change-days <days>
Specifies the minimum number of days before which passwords cannot be changed.
dictionary enable
Prevents the use of any word found in the dictionary as a password.
difference <count>
Specifies the minimum number of characters that must change between an old and new password. The default for the strong security template is 4.
If the authentication policy password difference <count> value is set to a value greater than zero, a non-administrator must specify the new and old passwords by entering the username password [old-password] command. Administrators are never required to enter an old password when changing an account password.
expire <days>
Specifies the number of days the current password stays in effect. To set the password expiration to 24 hours, specify 0. To set the password expiration to 48 hours, specify 1. Specify a negative number to turn off password expiration.
warn <days>
Specifies the number of days the user is warned before the password expires. The default for the strong security template is 7.
length <length>
Specifies the minimum password length. The default setting for the strong security template is 14 alphanumeric characters.
lock <days>
Specifies the number of days before an account with an expired password locks.
lower-case <count>
Specifies the minimum number of lowercase letters required in the password. The default for the strong security template is 1.
numeric <count>
Specifies the minimum number of numeric characters required in the password. The default for the strong security template is 1.
repeat <count>
Specifies the maximum number of times a character can occur consecutively.
reuse-interval <count>
Specifies the number of password changes allowed before a password can be reused. The default for the strong security template is 5.
special <count>
Specifies the minimum number of special characters required in the password. The default for the strong security template is 1.
upper-case <count>
Specifies the minimum number of uppercase letters required in the password. The default for the strong security template is 1.
Usage
Passwords are mandatory when account control is enabled. Passwords for all users expire as soon as account control is enabled. This behavior forces the user to create a new password that follows the password characteristics defined in the password policy.
When account control is enabled and an administrator uses the username password 7 command, the password automatically expires. Because the encrypted password cannot be checked against the configured password policy, the user is prompted to change their password at log in.
Empty passwords are not allowed when account control is enabled.
Example
amnesiac (config) # authentication policy password expire 60 warn 3
Product
SCC, Interceptor, Mobile Controller, SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands
authentication policy template, username password, username password 7, show authentication policy