Password Control Configuration 577
length limitation, the configured minimum password length (if available); the
enable/disable state of history password recording, the maximum number of history
password records, the time when the password history was last cleared; the timeout
time for password authentication; the maximum number of attempts, and the
processing mode for login attempt failures.
If all the password attempts of a user fail, the system adds the user to the blacklist.
You can execute the display password-control blacklist command in any view to
check the names and the IP addresses of such users.
Configuring Password
Aging
To cancel the above configurations, use the corresponding undo commands.
You can configure the password aging time when password aging is not yet enabled,
but these configured parameters will not take effect.
Table635 Configure password aging
Operation Command Description
Enter system view system-view —
Enable password aging password-control aging enable Optional
By default, password aging is
enabled.
Set aging time for super
passwords
password-control super aging
aging-time
Optional
By default, the aging time is 90
days.
Set aging time for system
login passwords
password-control aging
aging-time
Optional
By default, the aging time is 90
days.
Enable the system to alert
users to change their
passwords when their
passwords will soon expire,
and specify how many
days ahead of the
expiration the system alerts
the users.
password-control
alert-before-expire alert-time
By default, users are alerted
seven days ahead of the
password expiration.
Display the information
about the global password
control for all users
display password-control You can execute the display
command in any view.
Display the information
about the password
control for super
passwords, including the
aging time and minimum
password length.
display password-control super