30 PASSWORD CONTROL CONFIGURATION
OPERATIONS
Introduction to
Password Control
Configuration
The password control feature is designed to manage the following passwords:
■Telnet passwords: passwords for logging into the switch through Telnet.
■SSH passwords: passwords for logging into the switch through SSH.
■FTP passwords: passwords for logging into the switch through FTP.
■Super passwords: passwords used by the users who have logged into the switch
and are changing from a lower privilege level to a higher privilege level.
Password control provides the following functions:
Table634 Functions provided by password control
Function Description Application
Password aging The password aging function has the following sub-functions:
1Password aging time setting: Users can set the aging time for their
passwords. If a password ages out, its user must change it, otherwise the
user cannot log into the device.
2Password change: After a password ages out, the user can change it when
logging into the device.
3Alert before password expiration: Users can set their respective alert time.
If a user logs into the system when the password is about to age out (that
is, the remaining usable time of the password is no more than the set alert
time), the switch will alert the user to the forthcoming expiration and
prompts the user to change the password as soon as possible.
Telnet and SSH passwords: all
password aging sub-functions are
applicable.
Super passwords: only the
password aging time setting and
the password change sub-functions
are applicable.
FTP passwords: only the password
aging time setting sub-function is
applicable.
Limitation of
minimum
password
This function is used to limit the minimum length of the passwords. A user can
successfully configure a password only when the password is not shorter than
its minimum length.
Telnet, SSH, super, and FTP
passwords.
History
password
recording
The password configured and once used by a user is called a history (old)
password. The switch is able to record the user history password. Users cannot
successfully replace their passwords with used passwords.
The history passwords are saved in a readable file in the flash memory, so they
will not be lost when the switch reboots.
As for history passwords, the secondary SRPC serves as a hot backup to the
primary SRPC, that is, the history passwords keep synchronized between
primary and secondary SRPCs
Telnet, SSH, super, and FTP
passwords.
Password
protection and
encryption
The switch protects the displayed password. The password is always displayed
as a string containing only the asterisk (*) characters in the configuration file
or on the command line.
The switch encrypts the configured passwords and save the passwords in
ciphertext mode in the configuration file.
Telnet, SSH, super, and FTP
passwords.