Fortinet white logo
Fortinet white logo

CLI Reference

system password-policy

system password-policy

Use this command to configure password policy for administrators, FortiMail Webmail users, and IBE encrypted email users.

Syntax

config system password-policy

set status {enable | disable}

set apply-to {admin-user | ibe-user | local-mail-user}

set minimum-length <minimum_int>

set must-contain {upper-case-letter | lower-case-letter | number | non-alphanumeric}

set allow-admin-empty-password {enable | disable}

end

Variable

Description

Default

status {enable | disable}

Select to enable the password policy.

apply-to {admin-user | ibe-user | local-mail-user}

Select where to apply the password policy:

  • admin_user: Apply to administrator passwords. If any password does not conform to the policy, require that administrator to change the password at the next login.
  • local-mail-user Apply to FortiMail webmail users’ passwords. If any password does not conform to the policy, require that user to change the password at the next login.
  • ibe-user: Apply to the passwords of the users who access the FortiMail unit to view IBE encrypted email. If any password does not conform to the policy, require that user to change the password at the next login.

minimum-length <minimum_int>

Set the minimum acceptable length for passwords.

8

must-contain {upper-case-letter | lower-case-letter | number | non-alphanumeric}

Select any of the following special character types to require in a password. Each selected type must occur at least once in the password.

upper-case-letter — A, B, C, ... Z

lower-case-letter — a, b, c, ... z

number — 0, 1, 2, 3, 4, 5, 6, 7 8, 9

non-alphanumeric — punctuation marks, @,#, ... %

allow-admin-empty-password {enable | disable}

Enable to allow the admin password to be empty.

disable

Related topics

system link-monitor

system password-policy

system password-policy

Use this command to configure password policy for administrators, FortiMail Webmail users, and IBE encrypted email users.

Syntax

config system password-policy

set status {enable | disable}

set apply-to {admin-user | ibe-user | local-mail-user}

set minimum-length <minimum_int>

set must-contain {upper-case-letter | lower-case-letter | number | non-alphanumeric}

set allow-admin-empty-password {enable | disable}

end

Variable

Description

Default

status {enable | disable}

Select to enable the password policy.

apply-to {admin-user | ibe-user | local-mail-user}

Select where to apply the password policy:

  • admin_user: Apply to administrator passwords. If any password does not conform to the policy, require that administrator to change the password at the next login.
  • local-mail-user Apply to FortiMail webmail users’ passwords. If any password does not conform to the policy, require that user to change the password at the next login.
  • ibe-user: Apply to the passwords of the users who access the FortiMail unit to view IBE encrypted email. If any password does not conform to the policy, require that user to change the password at the next login.

minimum-length <minimum_int>

Set the minimum acceptable length for passwords.

8

must-contain {upper-case-letter | lower-case-letter | number | non-alphanumeric}

Select any of the following special character types to require in a password. Each selected type must occur at least once in the password.

upper-case-letter — A, B, C, ... Z

lower-case-letter — a, b, c, ... z

number — 0, 1, 2, 3, 4, 5, 6, 7 8, 9

non-alphanumeric — punctuation marks, @,#, ... %

allow-admin-empty-password {enable | disable}

Enable to allow the admin password to be empty.

disable

Related topics

system link-monitor