Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

611

612

613

614

615

616

617

618

619

620

14-56

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 14 Administering the CAM

Manage System Passwords

Note Once you complete the above steps, both the CAM and CAS are accessible. If you are using HA pairs,

you must execute the steps for both the CAMs.

Manage System Passwords

Note For new installations of Cisco NAC Appliance, the root administrator user password must conform to

the strong password guidelines outlined below. Existing root administrator user passwords are preserved

during upgrade.

It is important to provide secure passwords for the user accounts in Cisco NAC Appliance system, and

to change them from time to time to maintain system security. Cisco NAC Appliance prompts you to

specify the following administrative user account passwords:

1. Clean Access Manager installation machine root user

2. Clean Access Server installation machine root user

3. Clean Access Server web console admin user

4. Clean Access Manager web console admin user

Passwords are initially set at installation time. To change these passwords at a later time, access the CAM

or CAS machine by SSH, logging in as the user whose password you want to change. Use the Linux

passwd command to change the user’s password.

In all cases, Cisco recommends using strong passwords to maximize network security, but only the root

administrator passwords on the CAM and CAS are required to conform to the strong password criteria,

that is, passwords containing at least eight characters that feature at least two characters from each of

the following four categories:

• Lower-case letters

• Upper-case letters

• Numbers (digits)

• Special characters (like !@#$%^&*~)

For example, the password

10-9=One would not satisfy the requirements because it does not feature two

characters from each category, but

1o-9=OnE is a valid password.

Note If the first character of a password is an upper-case letter, that character is not counted toward the

minimum number of required upper-case letters (two) when determining whether or not the correct

number of characters exists in the password.

If the last character of a password is a digit, that character is not counted toward the minimum number

of required digits (two) when determining whether or not the correct number of characters exists in the

password.

This section describes the following:

• Change the CAM Web Console Admin Password

• Change the CAS Web Console Admin User Password