If the user has been already authenticated and logged on to the system and if the password expires, then no
action will be taken. The user will be prompted to change the password only during the next authentication
for the same user.
Password Change Policy
The new password must contain a minimum of 4 character changes from the previous password. A password
change can be triggered by the following scenarios:
•
The security administrator wants to change the password.
•
The user is trying to get authenticated using a profile, and the password for that profile has expired.
When the security administrator changes the password security policy and the existing profile does not meet
the password security policy rules, no action will be taken if the user has already logged on to the system.
The user will be prompted to change the password only when the user tries to get authenticated using the
profile that does not meet the password security restriction.
When the user changes the password, the lifetime parameters set by the security administrator for the old
profile will be the lifetime parameters for the new password.
For noninteractive clients such as dot1x, when the password expires, appropriate error messages will be sent
to the clients, and the clients must contact the security administrator to renew the password.
User Reauthentication Policy
Users are reauthenticated when they change their passwords.
When users change their passwords on expiry, they will be authenticated against the new password. In such
cases, the actual authentication happens based on the previous credentials, and the new password is updated
in the database.
Users can change their passwords only when they are logging on and after the expiry of the old password;
however, a security administrator can change the user's password at any time.
Note
Support for Framed (noninteractive) Session
When a client such as dot1x uses the local database for authentication, the Password Strength and Management
for Common Criteria feature will be applicable; however, upon password expiry, clients will not be able to
change the password. An appropriate failure message will be sent to such clients, and the user must request
the security administrator to change the password.
How to Configure Password Strength and Management for Common Criteria
Configuring the Password Security Policy
Perform this task to create a password security policy and to apply the policy to a specific user profile.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1055
How to Configure Password Strength and Management for Common Criteria
Summary of Contents for Catalyst 2960 Series
Page 96: ......
Page 196: ......
Page 250: ......
Page 292: ......
Page 488: ......
Page 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Page 590: ......
Page 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Page 620: ......
Page 750: ......
Page 1604: ......
Page 1740: ......
Page 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Page 2106: ......
Page 2118: ......
Page 2164: ......