Enabling password control

  • Enable the global password control feature in system view.

  • Password control configurations take effect only after the password control feature is enabled globally.

  • Enable password control functions individually.

  • The following password control functions need to be enabled individually after the password control feature is enabled globally:

    To enable password control:

    Step

    Command

    Remarks

    1. Enter system view.

    system-view

    N/A

    2. Enable the global password control feature.

    password-control enable

    By default, the global password control feature is disabled.

    3. Enable a specific password control function.

    password-control { aging | composition | history | length } enable

    Optional.

    All of the four password control functions are enabled by default.

    After global password control is enabled, local user passwords configured on the device are not displayed when you use the corresponding display command.

    For security purposes, the system prompts the Telnet, SSH, and terminal users to change their passwords at their first logins if the global password control is enabled. FTP users can only have their passwords changed by the administrator. If the administrator does not change passwords for FTP users after the global password control is enabled, the FTP users cannot log in to the device.

    About the minimum password length:

    About password history control: