06-Apr-2023 01:16
Hi,
I've made some adjustements to the secure password policy, but I'm still abe to create a new user with a password which doesnt match the requirements.
I noticed that I'm not able to login - which is good, but should there not be a waring or not even able to set a password which doesnt meet the requirements?
(tmos)# list /auth password-policy all-properties
auth password-policy {
description none
expiration-warning 7
lockout-duration 0
max-duration 99999
max-login-failures 6
min-duration 0
minimum-length 10
password-memory 0
policy-enforcement enabled
required-lowercase 1
required-numeric 1
required-special 0
required-uppercase 1
}
(tmos)# create auth user test1 password 1234
(tmos)# list auth user test1
auth user test1 {
description test1
encrypted-password $6$CX2o0f4l$uxR8vZ9rw3LLD3hYOgUeJrqfZjbXtMdvhNXgKNspdVU2S7ywVewhX/qFH9AOqSNsrdnpf2JA4St9BpyBxUAV60
partition Common
partition-access {
all-partitions {
role guest
}
}
session-limit -1
shell none
06-Apr-2023 01:23
to add, strict password enforcement is enabeld too:
(tmos)# list sys db users.strictpasswords
sys db users.strictpasswords {
value "enable"
}
10-Apr-2023 19:16
Hi @Stefan_Engel - to give this more visibility to try to help you get an answer, I'm featuring this in this week's Community Highlights. I'll also see if I can get a colleague to take a look.
11-Apr-2023 03:08
(tmos)# list auth password-policy all-properties
auth password-policy {
description none
expiration-warning 7
lockout-duration 0
max-duration 99999
max-login-failures 0
min-duration 0
minimum-length 12
password-memory 0
policy-enforcement enabled
required-lowercase 1
required-numeric 1
required-special 1
required-uppercase 1
}
(tmos)# create auth user test1 password 1234
There were warnings:
WARNING! Role no-access will lockout the user test1.
01070366:3: Bad password (test1): BAD PASSWORD: it is too short
11-Apr-2023 03:18
@Michael_Saleem thanks for testing. We are runnning on 16.1.3.3. I'll upgrade our LAB and have it tested as well on 16.1.3.4.