Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
10.2.4, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 11.5.7
Opened: Apr 15, 2014 Severity: 3-Major Related Article:
K15397
If a local password policy with password expiry is set, even remotely authenticated users are subject to the password policy. This may disallow users whose password has been remotely authenticated but who have an expired password.
some users may be locked out after the password policy expires their password.
Local password policy is set, but remote authentication used.
Do not use a local password policy with remote authentication.
User created when remote auth is configured will not have password expiry applied.