beautypg.com

Setting global password control parameters – H3C Technologies H3C SecBlade LB Cards User Manual

Page 104

background image

93

Setting global password control parameters

The action specified the password-control login-attempt command takes effect immediately, and thus
affects the users already in the password control blacklist. Other password control configurations take

effect only for users logging in later and passwords configured later.
To set global password control parameters:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Set the password aging time. password-control aging aging-time

Optional.
90 days by default.

3.

Set the minimum password
update interval.

password-control password
update interval interval

Optional.
24 hours by default.

4.

Set the minimum password

length.

password-control length length

Optional.
10 characters by default.

5.

Configure the password
composition policy.

password-control composition
type-number type-number

[ type-length type-length ]

Optional.
A default password must contain at
least one type of characters and

each type must contain at least one
character.

6.

Configure the password
complexity checking policy.

password-control complexity
{ same-character | user-name }

check

Optional.
By default, the system does not
perform password complexity

checking.

7.

Set the maximum number of
history password records for

each user.

password-control history
max-record-num

Optional.
4 by default.

8.

Specify the maximum number

of login attempts and the
action to be taken when a

user fails to log in after the

specified number of attempts.

password-control login-attempt
login-times [ exceed { lock |

lock-time time | unlock } ]

Optional.
By default, the maximum number
of login attempts is 3 and a user

failing to log in after the specified
number of attempts must wait for 1

minute before trying again.

9.

Set the number of days during

which the user is notified of
the pending password

expiration.

password-control
alert-before-expire alert-time

Optional.
7 days by default.

10.

Set the maximum number of
days and maximum number

of times that a user can log in

after the password expires.

password-control
expired-user-login delay delay

times times

Optional.
By default, a user can log in three
times within 30 days after the

password expires.

11.

Set the authentication timeout

time.

password-control
authentication-timeout

authentication-timeout

Optional.
60 seconds by default.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: