auth password-policy
auth password-policy(1) BIG-IP TMSH Manual auth password-policy(1)
NAME
password-policy - Specifies the parameters of the valid passwords for the BIG-IP(r) system.
MODULE
auth
SYNTAX
Configure the password-policy component within the auth module using the syntax shown in the following sections.
MODIFY
modify password-policy
options:
expiration-warning [integer]
max-duration [integer]
max-login-failures [integer]
min-duration [integer]
minimum-length [integer]
password-memory [integer]
policy-enforcement [disabled | enabled]
required-lowercase [integer]
required-numeric [integer]
required-special [integer]
required-uppercase [integer]
lockout-duration [integer]
DISPLAY
list password-policy
list password-policy
show running-config password-policy
show running-config password-policy
options:
all-properties
non-default-properties
one-line
DESCRIPTION
Users assigned a role of Administrator or Resource Administrator can modify a password policy for the BIG-IP system to
enforce a company's security requirements by defining the parameters for valid passwords. Users assigned other roles can
view password policies.
EXAMPLES
password-policy max-duration 90 min-duration 30 minimum-length 6 required-lowercase 2 required-uppercase 2 required-special
1 required-numeric 1 expiration-warning 5
Creates a password policy that specifies that passwords are valid for a maximum of 90 days and a minimum of 30 days. Also
specifies that to be valid, a password must contain at least 6 characters, but not more than 10 characters, including 2
lowercase alpha characters, 2 uppercase alpha characters, and 1 number. Additionally, this policy specifies that the system
automatically warns users five days before their passwords expire.
list password-policy
Displays the password policy.
OPTIONS
expiration-warning
Specifies the number of days before a password expires. Based on this value, the BIG-IP system automatically warns
users when their password is about to expire. The default value is 7 days.
max-duration
Specifies the maximum number of days a password is valid. The default value is 99999.
max-login-failures
Specifies the number of consecutive unsuccessful login attempts that the system allows before locking out the user.
The default value is 0 (zero - disabled).
min-duration
Specifies the minimum number of days a password is valid. The default value is 0 (zero).
minimum-length
Specifies the minimum number of characters in a valid password. The default value is 6.
password-memory
Specifies whether the user has configured the BIG-IP system to remember a password on a specific computer. The default
value is 0 (zero).
policy-enforcement
Enables or disables the password policy on the BIG-IP system. The default value is disabled.
required-lowercase
Specifies the number of lowercase alpha characters that must be present in a password for the password to be valid.
The default value is 0 (zero).
required-numeric
Specifies the number of numeric characters that must be present in a password for the password to be valid. The
default value is 0 (zero).
required-special
Specifies the number of special characters that must be present in a password for the password to be valid. The
default value is 0 (zero).
required-uppercase
Specifies the number of uppercase alpha characters that must be present in a password for the password to be valid.
The default value is 0 (zero).
lockout-duration
Specifies the amount of time in seconds that a locked-out user must wait before being allowed to log in again unless
manually unlocked.
SEE ALSO
auth user, modify, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All rights reserved.
BIG-IP 2019-02-20 auth password-policy(1)