The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco UCS Central supports the following methods for authenticating user logins:
Each locally authenticated user account requires a password. Cisco recommends that each user have a strong password. A user with admin, aaa, or domain-group-management privileges can configure Cisco UCS Central to perform a password strength check on user passwords. If you enabled the password strength check, each user must use a strong password.
Cisco UCS Central rejects any password that does not meet the following requirements:
Must contain a minimum of 8 characters and a maximum of 80 characters.
Must contain at least three of the following:
Must not contain a character that is repeated more than 3 times consecutively, such as aaabbb.
Must not be identical to the username or the reverse of the username.
Must pass a password dictionary check. Meaning, the password must not be based on a standard dictionary word.
Must not contain the following symbols: $ (dollar sign), ? (question mark), and = (equals sign).
Should not be blank for local user and admin accounts.
The password profile contains the password history and the password change interval properties for all locally authenticated users of . You cannot specify a different password profile for locally authenticated users.
The password history count prevents locally authenticated users from reusing the same password. When you configure the password history count, stores up to a maximum of 15 previously used passwords. The password history count stores the passwords in reverse chronological order with the most recent password first. This ensures that the user can only reuse the oldest password when the history count reaches its threshold.
A user can create and use the number of passwords configured in the password history count before reusing a password. For example, if you set the password history count to 8, a user cannot reuse the first password until the ninth password expires.
By default, the password history is set to 0. This value disables the history count and allows users to reuse previously used passwords at any time.
You can clear the password history count for a locally authenticated user and enable reuse of previous passwords.
The password change interval restricts the number of password changes that a locally authenticated user can make within a specific number of hours. The following table describes the two interval configuration options for the password change interval.
Interval Configuration | Description | Example |
---|---|---|
No password change allowed |
Does not allow changing passwords for locally authenticated user within a specified number of hours after a password change. You can specify a no change interval between 1 and 745 hours. By default, the no change interval is 24 hours. |
To prevent the user from changing passwords within 48 hours after a password change: |
Password changes allowed within change interval |
Specifies the maximum number of times that a locally authenticated user password change can occur within a pre-defined interval. You can specify a change interval between 1 and 745 hours and a maximum number of password changes between 0 and 10. By default, a locally authenticated user is permitted a maximum of two password changes within a 48-hour interval. |
To allow a password change for a maximum of one time within 24 hours after a password change: |