203
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Disable a user account permanently if a user fails two consecutive login attempts on the user account.
[Sysname] password-control login-attempt 2 exceed lock
# Set all passwords to expire after 30 days.
[Sysname] password-control aging 30
# Globally set the minimum password length to 16 characters.
[Sysname] password-control length 16
# Set the minimum password update interval to 36 hours.
[Sysname] password-control update-interval 36
# Specify that a user can log in five times within 60 days after the password expires.
[Sysname] password-control expired-user-login delay 60 times 5
# Set the maximum account idle time to 30 days.
[Sysname] password-control login idle-time 30
# Refuse any password that contains the username or the reverse of the username.
[Sysname] password-control complexity user-name check
# Specify that no character can be included three or more times consecutively in a password.
[Sysname] password-control complexity same-character check
# Globally specify that all passwords must each contain at least four character types and at least four
characters for each type.
[Sysname] password-control composition type-number 4 type-length 4
# Set the minimum super password length to 24 characters.
[Sysname] password-control super length 24
# Specify that a super password must contain at least four character types and at least five characters for
each type.
[Sysname] password-control super composition type-number 4 type-length 5
# Configure a super password used for switching to user role
network-operator
as
123456789ABGFTweuix@#$%!
in plain text.
[Sysname] super password role network-operator simple 123456789ABGFTweuix@#$%!
Updating user information. Please wait ... ...
# Create a device management user named
test
.
[Sysname] local-user test class manage
# Set the service type of the user to
Telnet
.
[Sysname-luser-manage-test] service-type telnet
# Set the minimum password length to 24 for the local user.
[Sysname-luser-manage-test] password-control length 24
# Specify that the password of the local user must contain at least four character types and at least five
characters for each type.
[Sysname-luser-manage-test] password-control composition type-number 4 type-length 5