auth password-policy
auth password-policy(1) BIG-IP TMSH Manual auth password-policy(1)
NAME
password-policy - Specifies the parameters of the valid passwords for the BIG-IP(r) system.
MODULE
auth
SYNTAX
Configure the password-policy component within the auth module using the syntax shown in the following
sections.
MODIFY
modify password-policy
options:
expiration-warning [integer]
max-duration [integer]
max-login-failures [integer]
min-duration [integer]
minimum-length [integer]
password-memory [integer]
policy-enforcement [disabled | enabled]
required-lowercase [integer]
required-numeric [integer]
required-special [integer]
required-uppercase [integer]
lockout-duration [integer]
DISPLAY
list password-policy
list password-policy
show running-config password-policy
show running-config password-policy
options:
all-properties
non-default-properties
one-line
DESCRIPTION
Users assigned a role of Administrator or Resource Administrator can modify a password policy for the BIG-IP
system to enforce a company's security requirements by defining the parameters for valid passwords. Users
assigned other roles can view password policies.
EXAMPLES
password-policy max-duration 90 min-duration 30 minimum-length 6 required-lowercase 2 required-uppercase 2
required-special 1 required-numeric 1 expiration-warning 5
Creates a password policy that specifies that passwords are valid for a maximum of 90 days and a minimum of 30
days. Also specifies that to be valid, a password must contain at least 6 characters, but not more than 10
characters, including 2 lowercase alpha characters, 2 uppercase alpha characters, and 1 number. Additionally,
this policy specifies that the system automatically warns users five days before their passwords expire.
list password-policy
Displays the password policy.
OPTIONS
expiration-warning
Specifies the number of days before a password expires. Based on this value, the BIG-IP system
automatically warns users when their password is about to expire. The default value is 7 days.
max-duration
Specifies the maximum number of days a password is valid. The default value is 99999.
max-login-failures
Specifies the number of consecutive unsuccessful login attempts that the system allows before locking out
the user. The default value is 0 (zero - disabled).
min-duration
Specifies the minimum number of days a password is valid. The default value is 0 (zero).
minimum-length
Specifies the minimum number of characters in a valid password. The default value is 6.
password-memory
Specifies whether the user has configured the BIG-IP system to remember a password on a specific
computer. The default value is 0 (zero).
policy-enforcement
Enables or disables the password policy on the BIG-IP system. The default value is disabled.
required-lowercase
Specifies the number of lowercase alpha characters that must be present in a password for the password to
be valid. The default value is 0 (zero).
required-numeric
Specifies the number of numeric characters that must be present in a password for the password to be
valid. The default value is 0 (zero).
required-special
Specifies the number of special characters that must be present in a password for the password to be
valid. The default value is 0 (zero).
required-uppercase
Specifies the number of uppercase alpha characters that must be present in a password for the password to
be valid. The default value is 0 (zero).
lockout-duration
Specifies the amount of time in seconds that a locked-out user must wait before being allowed to log in
again unless manually unlocked.
SEE ALSO
auth user, modify, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All rights reserved.
BIG-IP 2019-02-20 auth password-policy(1)