Default Password Change and Strong Password Enforcement

Administrators can now configure the EdgeMarc to require users to change their default password the first time they log in. The password must adhere to the strong password policy configured by the administrator.

When this feature is enabled, and a root or read-only (rouser) user tries to log into the EdgeMarc GUI with the default password, they will be redirected to the Change Password page to change their password.

CLI (SSH or Serial) users are also prompted to change their password. This feature is enabled by default.

A user is not allowed to access the system until they create a strong password that meets the following criteria:

• 6-8 (for root) total characters
• 1 lowercase alphabet
• 1 numeric
• 1 special

To Enable or Disable Strong Password Enforcement

Use the following procedure to enable or disable Strong Password Enforcement from the EdgeMarc configuration GUI.

1. Choose Admin > Users. The Session/User Management - Advanced configuration page appears by default.

   The Disable Strong Password Enforcement checkbox is unchecked by default. Strong Password Enforcement is enabled, and configuration fields are active.

   Note

   If User Management is enabled, Strong Password Enforcement settings are unavailable on the Session/User Management - Advanced configuration page.

   

2. Enter the required password information in the following active Password Configuration Settings fields:

   • Minimum Alphabet Characters Required (0-4)

   • Minimum Upper Case Alphabet Characters Required (0-2)

   • Minimum lower Case Alphabet Characters Required (0-2)

   • Minimum Numeric Characters Required (0-2)

   • Minimum Special Characters Required (0-2)

   • Maximum Consecutive Repeating Characters Allowed (0-4)

3. Click Submit.

   When the user logs in to the system for the first time with their default password, they are directed to the Change Password page.
   
   

4. To disable Strong Password Enforcement, check the Disable Strong Password Enforcement checkbox on the Session/User Management - Advanced configuration page. Password Configuration Settings fields become inactive (grayed out) on the page.

   Strong Password Enforcement can also be configured through the CLI by setting parameters in the user_mgmt.conf file. Two new PASSWD configuration commands are added, as described in the following table.

   Strong Password Enforcement CLI

   Command	Description
   DISABLE_STRONG_PASSWORD_ENFORCEMENT=off	The Strong Password Enforcement feature is on.
   PASSWD_MIN_UPPER_ALPHABET_CHARS=0	Sets the minimum number of upper case letters required.
   PASSWD_MIN_LOWER_ALPHABET_CHARS=1	Sets the minimum number of lowercase letters required.