Displaying and maintaining password control, Password control configuration example, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 270: Configuration procedure

256

Displaying and maintaining password control

Task Command

Remarks

Display password control
configuration information.

display password-control [ super ]
[ | { begin | exclude | include }

regular-expression ]

Available in any view.

Display information about users
blacklisted due to authentication
failure.

display password-control blacklist
[ user-name name | ip

ipv4-address | ipv6 ipv6-address ]

[ | { begin | exclude | include }
regular-expression ]

Available in any view.

Delete users from the blacklist.

reset password-control blacklist
[ user-name name ]

Available in user view.

Clear history password records.

reset password-control
history-record [ user-name name |

super [ level level ] ]

Available in user view.

NOTE:

The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.

Password control configuration example

Network requirements

Implementing the following global password control policy:

•

An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.

•

A user can log in five times within 60 days after the password expires.

•

The password aging time is 30 days.

•

The minimum password update interval is 36 hours.

•

The maximum account idle time is 30 days.

•

A password cannot contain the username or the reverse of the username.

•

No character occurs consecutively three or more times in a password.

Implementing the following super password control policy:

A super password must contain at least three types of valid characters, five or more of each type.

Implementing the following password control policy for local Telnet user test:

•

The password must contain at least 12 characters.

•

The password must consist of at least two types of valid characters, five or more of each type.

•

The password aging time is 20 days.

Configuration procedure

# Enable the password control feature globally.

system-view

This manual is related to the following products:

H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000