213
1. Enter system view.
system-view
N/A
2. Set the password expiration
time for super passwords.
password-control super aging
aging-time
The default setting is 90 days.
3. Configure the minimum
length for super passwords.
password-control super length
length
• In non-FIPS mode, the
characters.
• In FIPS mode, the default
setting is 15 characters.
4. Configure the password
composition policy for super
passwords.
password-control super
composition type-number
type-number
[
type-length
type-length ]
• In non-FIPS mode, by
default,
a super password
must contain at least one
character type and at least
one character for each type.
• In FIPS mode, by default, a
super password must
character types and at least
one character for each type.
Displaying and maintaining password control
Execute display commands in any view and reset commands in user view.
Display password control configuration.
display password-control
[
super
]
Display information about
password control blacklist.
display password-control blacklist
[
user-name
name
|
ip
ipv4-address |
ipv6
ipv6-address ]
Delete users from the password control
blacklist.
reset password-control blacklist
[
user-name
name ]
Clear history password records.
reset password-control history-record
[
user-name
name |
super
[
role
role name ] ]
he reset password-control history-record command can
delete the history password records of
one or all users even when the password history feature is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
• A password must contain at least 16 characters.
• A password must contain at least four character types and at least four characters for each type.
• An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
• A user can log in five times within 60 days after the password expires.
To Next Page
Loading...
Need help?
General