display password-control

Syntax

display password-control [ super ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

2: System level

Parameters

super: Displays the password control information of the super passwords. Without this keyword, the command displays the password control information for all passwords.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display password-control to display password control configuration information.

Examples

# Display the global password control configuration information.

<Sysname> display password-control
Global password control configurations:
 Password control:                    Disabled
 Password aging:                      Enabled (90 days)
 Password length:                     Enabled (10 characters)
 Password composition:                Enabled (1 types,  1 characters per type)
 Password history:                    Enabled (max history records:4)
 Early notice on password expiration: 7 days
 User authentication timeout:         60 seconds
 Maximum failed login attempts:       3 times
 Login attempt-failed action:         Lock for 1 minutes
 Minimum password update time:        24 hours
 User account idle-time:              90 days
 Login with aged password:            3 times in 30 days
 Password complexity:                 Disabled (username checking)
                                      Disabled (repeated characters checking)

# Display the password control configuration information for super passwords.

<Sysname> display password-control super
 Super password control configurations:
 Password aging:                      Enabled (90 days)
 Password length:                     Enabled (10 characters)
 Password composition:                Enabled (1 types,  1 characters per type)

Table 26: Command output

Field

Description

Password control

Whether the global password control feature is enabled.

Password aging

Whether password aging is enabled and, if enabled, the aging time.

Password length

Whether the minimum password length restriction function is enabled and, if enabled, the setting.

Password composition

Whether the password composition restriction function is enabled and, if enabled, the settings.

Password history

Whether the password history function is enabled and, if enabled, the setting.

Early notice on password expiration

Number of days during which the user is warned of the pending password expiration.

User authentication timeout

Password authentication timeout time.

Maximum failed login attempts

Allowed maximum number of consecutive failed login attempts for FTP and VTY users.

Login attempt-failed action

Action to be taken after a user fails to login for the specified number of attempts.

Minimum password update time

Minimum password update interval.

User account idle-time

Maximum account idle time.

Login with aged password

Number of times and maximum number of days a user can log in using an expired password.

Password complexity

Whether the following password complexity checking is enabled:

  • username checking—Checks whether a password contains the username or the reverse of the username.

  • repeated characters checking—Checks whether a password contains any character that is repeated consecutively three or more times.