212
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the password expiration
time for super passwords.
password-control super aging
aging-time
The default setting is 90 days.
3.
Configure the minimum
length for super
passwords.
password-control super length
length
•
In non-FIPS mode, the
default setting is 10
characters.
•
In FIPS mode, the default
setting is 15 characters.
4.
Configure the password
composition policy for super
passwords.
password-control super
composition type-number
type-number
[
type-length
type-length
]
•
In non-FIPS mode, by
default, a super password
must contain at least one
character type and at least
one character for each type.
•
In FIPS mode, by default, a
super password must
contain at least four
character types and at least
one character for each type.
Displaying and maintaining password control
Execute
display
commands in any view and
reset
commands in user view.
Task Command
Display password control configuration.
display password-control
[
super
]
Display information about users in the
password control blacklist.
display password-control blacklist
[
user-name name
|
ip ipv4-address
|
ipv6 ipv6-address
]
Delete users from the password control
blacklist.
reset password-control blacklist
[
user-name name
]
Clear history password records.
reset password-control history-record
[
user-name
name
|
super
[
role role name
] ]
NOTE:
The
reset password-control history-record
command can delete the history password records of
one or all users even when the password history feature is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
•
A password must contain at least 16 characters.
•
A password must contain at least four character types and at least four characters for each type.
•
An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
•
A user can log in five times within 60 days after the password expires.