beautypg.com

Setting global password control parameters – H3C Technologies H3C S6300 Series Switches User Manual

Page 181

background image

166

To enable password control:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable the global password
control feature.

password-control enable

In non-FIPS mode, the global
password control feature is

disabled by default.

In FIPS mode, the global

password control feature is

enabled by default, and cannot

be disabled.

3.

(Optional.) Enable a specific

password control function.

password-control { aging |
composition | history | length }
enable

By default, all four password
control functions are enabled.

Setting global password control parameters

The password expiration time, minimum password length, and password composition policy can be

configured in system view, user group view, or local user view. The password settings with a smaller

application scope have higher priority. Global settings in system view apply to the passwords of the local
users in all user groups if you do not configure password policies for these users in both local user view

and user group view.
The password-control login-attempt command takes effect immediately and can affect the users already

in the password control blacklist. Other password control configurations do not take effect on users that
have been logged in or passwords that have been configured.
To set global password control parameters:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Set the password expiration
time.

password-control aging aging-time The default setting is 90 days.

3.

Set the minimum password
update interval.

password-control update-interval

interval

The default setting is 24 hours.

4.

Set the minimum password
length.

password-control length length

In non-FIPS mode, the default
setting is 10 characters.

In FIPS mode, the default length
is 15 characters.

5.

Configure the password

composition policy.

password-control composition
type-number type-number

[ type-length type-length ]

In non-FIPS mode, by default, a

password must contain at least

one character type and at least
one character for each type.

In FIPS mode, by default, a

password must contain at least
four character types and at

least one character for each

type.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: