configure

disable

disables the account when expire-periodis reached. A super-user must re-enable the account.

expire

expires the account when expire-periodis reached. The user must enter a new password when logging on.

notify

nothing is done to the account. The user is notified that the account is expired and the user should change the password

expire-period days

sets the period of time in days that account passwords are valid. The expire-actionsetting controls what happens next to the account. Valid periods, in days, include 0, 10, 20, 30, 45, 90, 332, and 365.

lockout-period minutes

sets a lockout period on a user account. Valid periods, in minutes, include 0, 1, 5, 10, 30, 60, and 360.

max-attempts <1-10>

sets the number of maximum login attempts on a single account. The attempt- action setting configures the action that occurs when max-attemptsis exceeded. The valid number of attempts is an integer from 1 to 10.

security-level <0-2>

sets the level of security checking that is performed when you add a new user or change a password. Enter a level value of 0, 1, or 2.

The restrictions for the security levels includes the following:

Table 3-1: Security Levels

Level

Description

 

 

 

 

Level 0

User names cannot have spaces in them.

 

Passwords are unrestricted.

 

 

Level 1

User names must be at least 6 characters long without spaces.

 

Passwords must be at least 8.

 

 

Level 2

Includes Level 1 restrictions and requires the following: 2 alphabetic

 

characters, 1 numeric character, 1 non-alphanumeric character

 

(special characters such as ! ? and *).

 

 

CAUTION: Using any security level less than 2 is counter to accepted business practice. If you use a security level less than 2, the security of the device may be easily compromised by a password guessing program.

X Family CLI Reference V 2.5.1

69