Mac authentication configuration examples, Local mac authentication configuration example, Setting super password control parameters – H3C Technologies H3C S12500-X Series Switches User Manual
Page 126: Displaying and maintaining password control

114
Step Command
Remarks
7.
Specify the maximum number
of login attempts and the
action to be taken for the local
user when the user fails to log
in after the specified number
of attempts.
password-control login-attempt
login-times [ exceed { lock |
lock-time time | unlock } ]
By default, the settings equal those
for the user group to which the
local user belongs. If no
login-attempt policy is configured
for the user group, the global
settings apply to the local user.
82B
Setting super password control parameters
The super password allows you to obtain a temporary user role without reconnecting to the device. For
more information, see Fundamentals Configuration Guide.
To set super password control parameters:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the password expiration
time for super passwords.
password-control super aging
aging-time
The default setting is 90 days.
3.
Configure the minimum length
for super passwords.
password-control super length
length
•
In non-FIPS mode, the default
setting is 10 characters.
•
In FIPS mode, the default setting
is 15 characters.
4.
Configure the password
composition policy for super
passwords.
password-control super
composition type-number
type-number [ type-length
type-length ]
•
In non-FIPS mode, a default
super password must contain at
least one character type and at
least one character for each
type.
•
In FIPS mode, a default super
password must contain at least
four character types and at
least one character for each
type.
83B
Displaying and maintaining password control
Execute display commands in any view and reset commands in user view.
Task Command
Display password control configuration.
display password-control [ super ]
Display information about users in the
password control blacklist.
display password-control blacklist [ user-name name | ip
ipv4-address | ipv6 ipv6-address ]
Delete users from the password control
blacklist.
reset password-control blacklist [ user-name name ]
Clear history password records.
reset password-control history-record [ user-name name |
super [ role role name ] ]
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches