Password Control Configuration 557
■ “Configuring History Password Recording”
■ “Configuring a User Login Password in Interactive Mode”
■ “Configuring Login Attempt Times Limitation and Failure Processing Mode”
■ “Configuring the Password Authentication Timeout Time”
■ “Configuring Password Composition Policies”
After the above configuration, you can execute the display password-control
command in any view to check the information about the password control for all
users, including the enabled/disabled state of password aging, the aging time,
enabled/disabled state of password composition policy, minimum number of types
that a password should contain, minimum number of characters of each type, the
enabled/disabled state of history password recording, the maximum number of
history password records, the alert time before password expiration, the timeout
time for password authentication, the maximum number of attempts, and the
processing mode for login attempt failures.
If the password attempts of a user fail for several times, the system adds the user
to the blacklist. You can execute the display password-control blacklist
command in any view to check the names and the IP addresses of such users.
Configuring Password
Aging
n
In this section, you must note the effective range of the same commands when
executed in different views or to different types of passwords:
■ Global settings in system view apply to all local user passwords and super
passwords.
Tab le 409 Configure password aging
Operation Command Description
Enter system view system-view -
Enable password aging password-control aging enable Optional
By default, password aging is
enabled.
Configure a password
aging time globally
password-control aging
aging-time
Optional
By default, the aging time is
90 days.
Configure a password
aging time for a super
password
password-control super aging
aging-time
Optional
By default, the aging time is
90 days.
Enable the system to alert
users to change their
passwords when their
passwords will soon expire,
and specify how many
days ahead of the
expiration the system alerts
the users.
password-control
alert-before-expire alert-time
Optional
By default, users are alerted
seven days ahead of the
password expiration.
Create a local user or enter
local user view
local-user user-name -
Configure a password
aging time for the local
user
password-control aging
aging-time
Optional
By default, the aging time is
90 days.
To Next Page
Loading...
