You are here: Home > CLI Commands > Just_CLI_Topics > show aaa password-policy mgmt

show aaa password-policy mgmt

show aaa password-policy mgmt [statistics]

Description

Show the current password policy for management users.

Syntax

Parameter

Description

statistics

Include this optional parameter to show the numbers of failed login attempts and any lockout periods for management user accounts.

Examples

The output of the show aaa password-policy mgmt command below shows that the current password policy requires a management user to have a password with a minimum of 9 characters, including one numeric character and one special character

 

(host) #show aaa password-policy mgmt

 

Mgmt Password Policy

--------------------

Parameter Value

--------- -----

Enable password policy Yes

Minimum password length required 9

Minimum number of Upper Case characters 0

Minimum number of Lower Case characters 0

Minimum number of Digits 1

Minimum number of Special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma, |, +, ~, `) 1

Username or Reverse of username NOT in Password No

Maximum Number of failed attempts in 3 minute window to lockout user 0

Time duration to lockout the user upon crossing the "lock-out" threshold 3

Maximum consecutive character repeats 0

 

The following data columns appear in the output of this command:

Parameter

Description

Enable password policy

Shows if the defined policy has been enabled

Minimum password length required

Minimum number of characters required for a management user password. The default setting is 6 characters.

Minimum number of Upper Case characters

The maximum number of uppercase letters required for a management user password. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0.

Minimum number of Lower Case characters

The maximum number of lowercase letters required for a management user password. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0.

Minimum number of Digits

Minimum number of numeric digits required in a management user password. By default, there is no requirement for digits in a password, and the parameter has a default value of 0.

Minimum number of Special characters

Minimum number of special characters required in a management user password. By default, there is no requirement for special characters in a password, and the parameter has a default value of 0.

Username or Reverse of username NOT in Password

 

If Yes, a management user’s password cannot be the user’s username or the username spelled backwards. If No, the password can be the username or username spelled backwards.

Maximum Number of failed attempts in 3 minute window to lockout user

Number of times a user can unsuccessfully attempt to log in to the controller before that user gets locked out for the time period specified by the lock-out threshold below. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts.

Time duration to lockout the user upon crossing the "lock-out" threshold

Amount of time a management user will be “locked out” and prevented from logging into the controller after exceeding the maximum number of failed attempts setting show above. The default lockout time is 3 minutes.

Maximum consecutive character repeats

The maximum number of consecutive repeating characters allowed in a management user password.

By default, there is no limitation on the numbers of character that can repeat within a password, and the parameter has a default value of 0 characters.

 

(host) #show aaa password-policy mgmt statistics

 

Management User Table

---------------------

USER ROLE FAILED_ATTEMPTS STATUS

---- ---- --------------- ------

admin14 root 1 Locked until 12/1/2009 22:28

 

Include the optional statistics parameter to show failed login statistics in the Management User table. The example below shows that a single failed login attempt locked out the root user admin14, and displays the time when that user can attempt to login to the controller again.

Related Commands

Command

Description

aaa profile

This command configures the authentication for a WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection..

aaa password-policy mgmtt

This command define a policy for creating management user passwords.

show references aaa password-policy

This command shows the password policy for locally configured management users.

Command History

Command

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system

Enable or Config mode on Mobility Master.

/*]]>*/