Password control configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Task: Display information about users blacklisted due to authentication failure.
Command: display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Delete users from the blacklist.
Command: reset password-control blacklist [ user-name name ]
Remarks: Available in user view

Task: Clear history password records.
Command: reset password-control history-record [ user-name name | super [ level level ] ]
Remarks: Available in user view
NOTE:
The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
• An FTP or VTY user failing to provide the correct password in two successive login attempts is permanently prohibited from logging in.
• A user can log in five times within 60 days after the password expires.
• The password aging time is 30 days.
• The minimum password update interval is 36 hours.
• The maximum account idle time is 30 days.
• A password cannot contain the username or the reverse of the username.
• No character occurs consecutively three or more times in a password.
Configure a super password control policy to meet the following requirements:
• A super password must contain at least three types of valid characters, five or more of each type.
Configure a password control policy for the local Telnet user test to meet the following requirements:
• The password must contain at least 12 characters.
• The password must contain at least two character types and at least five characters for each type.
• The password aging time is 20 days.
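The length, composition, username and repeated-character requirements above can be checked offline before a password is set on the device. The following Python checker is an added example, not part of the H3C manual; its function and constant names, the four character classes, the case-sensitive username match, and applying the repeated-character rule to super passwords are assumptions, and the sample passwords in the comments are constructed.

```python
import re
import string

# Policy values taken from the requirements above. The page states no minimum
# length for super passwords, so 0 is used here (assumption).
TEST_USER = {"min_length": 12, "type_number": 2, "type_length": 5}
SUPER = {"min_length": 0, "type_number": 3, "type_length": 5}


def char_type_counts(password):
    """Count characters per class (assumed classes: upper, lower, digit, special)."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts


def check_password(password, username, min_length, type_number, type_length):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("length")
    # At least type_number classes must each contribute type_length characters.
    qualifying = sum(1 for n in char_type_counts(password).values() if n >= type_length)
    if qualifying < type_number:
        problems.append("composition")
    # The username and its reverse are both rejected (case-sensitive: assumption).
    if username and (username in password or username[::-1] in password):
        problems.append("username")
    # Any character occurring three or more times in a row is rejected.
    if re.search(r"(.)\1\1", password):
        problems.append("repeat")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords for the local user "test".
    for candidate in ("abcde12345XY", "aaabc12345de", "tsetA12345bcde", "abc123XYZ"):
        print(candidate, check_password(candidate, "test", **TEST_USER))
```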
Configuration procedure
# Enable the password control feature globally.
[Sysname] password-control enable
# Prohibit the user from logging in forever after two successive login failures.
[Sysname] password-control login-attempt 2 exceed lock
# Set the password aging time to 30 days for all passwords.