Setting global password control parameters
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the password aging time. | password-control aging aging-time | Optional. 90 days by default. |
3. Set the minimum password update interval. | password-control password update interval interval | Optional. 24 hours by default. |
4. Set the minimum password length. | password-control length length | Optional. 10 characters by default. |
5. Configure the password composition policy. | password-control composition type-number type-number [ type-length type-length ] | Optional. |
6. Configure the password complexity checking policy. | password-control complexity { same-character \| user-name } check | Optional. By default, the system does not perform password complexity checking. |
7. Set the maximum number of history password records for each user. | password-control history max-record-num | Optional. 4 by default. |
8. Specify the maximum number of login attempts and the action to be taken when a user fails to log in after the specified number of attempts. | password-control login-attempt login-times [ exceed { lock \| unlock \| lock-time time } ] | Optional. By default, the maximum number of login attempts is 3 and a user failing to log in after the specified number of attempts must wait for one minute before trying again. |
9. Set the number of days during which the user is warned of the pending password expiration. | password-control alert-before-expire alert-time | Optional. 7 days by default. |
10. Set the maximum number of days and maximum number of times that a user can log in after the password expires. | password-control expired-user-login delay delay times times | Optional. By default, a user can log in three times within 30 days after the password expires. |
11. Set the authentication timeout time. | password-control authentication-timeout authentication-timeout | Optional. 60 seconds by default. |
12. Set the maximum account idle time. | password-control login idle-time idle-time | Optional. 90 days by default. |

NOTE: The password-control login-attempt command takes effect immediately and can affect users already in the password control blacklist. Other password control configurations do not take effect for users who have already logged in or for passwords that have already been configured.
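
The following check is an added example, not part of the original documentation: it reads a saved configuration and flags password-control lines that are weaker than the defaults listed in the table. The sample configuration and its values are constructed, and reading `exceed unlock` as "no lockout" is an assumption.

```python
import re

# Documented defaults from the table, plus which direction weakens the policy.
RULES = {
    "aging":           (90, "higher"),  # days a password stays valid
    "length":          (10, "lower"),   # minimum characters
    "history":         (4,  "lower"),   # remembered old passwords
    "login-attempt":   (3,  "higher"),  # failed logins before the action
    "login idle-time": (90, "higher"),  # days an idle account stays usable
}

LINE = re.compile(
    r"^\s*password-control\s+"
    r"(aging|length|history|login-attempt|login idle-time)\s+(\d+)"
    r"(?:\s+exceed\s+(lock-time\s+\d+|lock|unlock))?\s*$"
)

def audit(config_text):
    """Return findings for settings weaker than the documented defaults."""
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # unrelated line, or a setting this check does not score
        key, value, action = m.group(1), int(m.group(2)), m.group(3)
        default, weaker = RULES[key]
        if (value > default) if weaker == "higher" else (value < default):
            findings.append(f"{key}: {value} is weaker than the default {default}")
        # Assumption: "exceed unlock" means no lockout follows the failed attempts.
        if key == "login-attempt" and action == "unlock":
            findings.append("login-attempt: 'exceed unlock' sets no lockout")
    return findings

# Constructed sample configuration; the values are illustrative only.
SAMPLE = """\
#
 password-control aging 180
 password-control length 6
 password-control history 4
 password-control alert-before-expire 7
 password-control login-attempt 10 exceed unlock
 password-control login idle-time 90
#
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A setting that is absent from the configuration produces no finding, because the documented default applies in that case.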