| Step | Command | Remarks |
|---|---|---|
| 2. Enable the global password control feature. | password-control enable | By default, the global password control feature is disabled. |
| 3. Enable a specific password control function. | password-control { aging \| composition \| history \| length } enable | Optional. By default, all of the four password control functions are enabled. |
After global password control is enabled, local user passwords configured on the device are not
displayed when you use the corresponding display command.
Setting global password control parameters
The action specified by the password-control login-attempt command takes effect immediately, and
thus affects the users already in the password control blacklist. Other password control
configurations take effect only for users logging in later and passwords configured later.
To set global password control parameters:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the password aging time. | password-control aging aging-time | Optional. The default setting is 90 days. |
| 3. Set the minimum password update interval. | password-control password update interval interval | Optional. The default setting is 24 hours. |
| 4. Set the minimum password length. | password-control length length | Optional. The default setting is 10 characters. |
| 5. Configure the password composition policy. | password-control composition type-number type-number [ type-length type-length ] | Optional. In non-FIPS mode, a default password must contain at least one character type and at least one character for each type. In FIPS mode, a default password must contain four character types and at least one character for each type. |
| 6. Configure the password complexity checking policy. | password-control complexity { same-character \| user-name } check | Optional. By default, the system does not perform password complexity checking. |
| 7. Set the maximum number of history password records for each user. | password-control history max-record-num | Optional. The default setting is 4. |
| 8. Specify the maximum number of login attempts and the action to be taken when a user fails to log in after the specified number of attempts. | password-control login-attempt login-times [ exceed { lock \| lock-time time \| unlock } ] | Optional. By default, the maximum number of login attempts is 3 and a user failing to log in after the specified number of attempts must wait for 1 minute before trying again. |
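Because every parameter in the table is optional, a saved configuration often contains only a few password-control lines and the rest fall back to the defaults listed above. The following added example (not part of the original manual) overlays those lines on the documented non-FIPS defaults and reports settings weaker than a baseline. The baseline thresholds, the sample configuration and the assumption that configured commands appear in the saved configuration exactly as typed are all hypothetical.

```python
import re

# Defaults stated in the tables above (non-FIPS mode).
DEFAULTS = {"enabled": False, "aging": 90, "length": 10, "history": 4,
            "login_attempts": 3, "exceed": "lock-time 1"}
# Hypothetical baseline chosen for this example, not taken from the manual.
BASELINE = {"max_aging": 90, "min_length": 10, "min_history": 4, "max_attempts": 5}
# Constructed sample: password-control lines from a saved configuration.
SAMPLE_CONFIG = """\
password-control enable
password-control length 8
password-control history 6
password-control login-attempt 5 exceed unlock
password-control complexity user-name check
"""
NUMERIC = ("aging", "length", "history")

def effective_policy(config_text):
    """Overlay the password-control lines of a config on the documented defaults."""
    policy = dict(DEFAULTS, complexity=set())
    for line in config_text.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        if line == "password-control enable":
            policy["enabled"] = True
        for keyword in NUMERIC:
            m = re.fullmatch(rf"password-control {keyword} (\d+)", line)
            if m:
                policy[keyword] = int(m.group(1))
        m = re.fullmatch(r"password-control login-attempt (\d+)(?: exceed (.+))?", line)
        if m:
            policy["login_attempts"] = int(m.group(1))
            policy["exceed"] = m.group(2) or policy["exceed"]
        m = re.fullmatch(r"password-control complexity (same-character|user-name) check", line)
        if m:
            policy["complexity"].add(m.group(1))
    return policy

def audit(policy, baseline=BASELINE):
    """Return findings where the effective policy is weaker than the baseline."""
    checks = [
        (not policy["enabled"], "global password control is disabled"),
        (policy["aging"] > baseline["max_aging"], "aging time exceeds baseline"),
        (policy["length"] < baseline["min_length"], "minimum length below baseline"),
        (policy["history"] < baseline["min_history"], "history records below baseline"),
        (policy["login_attempts"] > baseline["max_attempts"], "too many login attempts allowed"),
        # "unlock" lets the user keep trying after the attempt limit is reached.
        (policy["exceed"] == "unlock", "no action taken after failed login attempts"),
        (policy["complexity"] != {"same-character", "user-name"}, "complexity checks not all enabled"),
    ]
    return [message for failed, message in checks if failed]
```

An empty input models a device left at its defaults: the audit then reports that global password control is disabled and that no complexity checks are configured.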