1-3
Password Control Configuration
Configuration Prerequisites
A user PC is connected to the switch to be configured; both devices are operating normally.
Configuration Tasks
The following sections describe the configuration tasks for password control:
z Configuring Password Aging
z Configuring the Limitation of Minimum Password Length
z Configuring History Password Recording
z Configuring a User Login Password in Interactive Mode
z Configuring Login Attempt Times Limitation and Failure Processing Mode
z Configuring the Password Authentication Timeout Time
z Configuring Password Composition Policies
After the above configuration, you can execute the display password-control command in any view to
check the information about the password control for all users, including the enabled/disabled state of
password aging, the aging time, enabled/disabled state of password composition policy, minimum
number of types that a password should contain, minimum number of characters of each type, the
enabled/disabled state of history password recording, the maximum number of history password
records, the alert time before password expiration, the timeout time for password authentication, the
maximum number of attempts, and the processing mode for login attempt failures.
If the password attempts of a user fail for several times, the system adds the user to the blacklist. You
can execute the display password-control blacklist command in any view to check the names and
the IP addresses of such users.
Configuring Password Aging
Table 1-2 Configure password aging
Operation Command Description
Enter system view
system-view
—
Enable password aging
password-control aging enable
Optional
By default, password aging is
enabled.
Configure a password aging
time globally
password-control aging
aging-time
Optional
By default, the aging time is
90 days.
Configure a password aging
time for a super password
password-control super aging
aging-time
Optional
By default, the aging time is
90 days.
Enable the system to alert
users to change their
passwords when their
passwords will soon expire,
and specify how many days
ahead of the expiration the
system alerts the users.
password-control
alert-before-expire alert-time
Optional
By default, users are alerted
seven days ahead of the
password expiration.
To Next Page
Loading...