Configuring a secure password policy for the BIG-IP system - Expiration Warning

Information

You have the option to create a security policy for generating passwords for local BIG-IP system user accounts. A secure password policy ensures that BIG-IP system users who have local user accounts create and maintain passwords that are as secure as possible. The secure password policy feature includes two distinct types of password restrictions:

- Enforcement restrictions are character restrictions that you can enable or disable. They consist of the minimum password length and the required character types (numeric, uppercase, lowercase, and other kinds of characters). When you enable them, the system applies enforcement restrictions to all user accounts.
- Policy restrictions represent the minimum and maximum lengths of time that passwords can be active. This type of policy restriction also includes values for the number of days prior to password expiration on which the system warns users and the number of previous passwords that the BIG-IP system stores to prevent users from reusing former passwords. When you configure policy restrictions using the Configuration utility, policy restrictions apply to all user accounts. These restrictions are always enabled, although the default values provide a minimal amount of restriction.
The secure password policy feature affects passwords for the BIG-IP system's local user accounts only. Passwords for remotely stored user accounts are not subject to this local password policy but may be subject to a remote system's separate password policy.

Note: You can configure only one user authentication scheme for the system. When you select a remote authentication source, the page displays relevant configuration options.

Solution

To use the Configuration utility to configure the password policy for BIG-IP local user accounts, perform the following procedure:

1. Log in to the Configuration utility.
2. Go to System > Users > Authentication.
3. Under Password Policy, locate the Expiration Warning setting and configure it to meet your needs.
4. Select Update.

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: F5

Control ID: 44e1f0d8cee301a621fb94811a0026a5315e66dbfb093b786a82517a631b76f9