Bug ID 2199553: Password policy apply-to-root false setting ignored during forced password changes

Last Modified: Jan 10, 2026

Affected Product(s):
F5OS Velos (all modules)

Known Affected Versions:
F5OS-A 1.8.3

Opened: Jan 07, 2026

Severity: 3-Major

Symptoms

When apply-to-root false is configured, password policy enforcement is inconsistent. Weak passwords (e.g., "a") are accepted during normal password changes but rejected during forced password changes (last-change 0), even though the configuration explicitly disables policy enforcement for the root user.

Impact

Inconsistent password policy enforcement for the root user.

Conditions

Configuration: system aaa password-policy config apply-to-root false

Forced password change triggered via last-change 0

Workaround

Option 1: Set apply-to-root true for consistent password policy enforcement (requires strong passwords).

Option 2: Set a strong password during the forced change, then change to a weak password afterward using the normal method.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips