Step
4.
Configure the password
composition policy for super
passwords.
Displaying and maintaining password control
Execute display commands in any view and reset commands in user view.
Task
Display password control configuration.
Display information about users in the
password control blacklist.
Delete users from the password control
blacklist.
Clear history password records.
NOTE:
The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
A password must contain at least 16 characters.
•
•
A password must contain four character types and at least four characters for each type.
An FTP or VTY user failing to provide the correct password in two successive login attempts is
•
permanently prohibited from logging in.
A user can log in 5 times within 60 days after the password expires.
•
•
A password expires after 30 days.
The minimum password update interval is 36 hours.
•
•
The maximum account idle time is 30 days.
A password cannot contain the username or the reverse of the username.
•
No character appears consecutively three or more times in a password.
•
Configure a super password control policy for user role network-operator to meet the following
requirements:
A super password must contain at least 24 characters.
•
Command
password-control super
composition type-number
type-number [ type-length
type-length ]
Command
display password-control [ super ]
display password-control blacklist [ user-name name | ip
ipv4-address | ipv6 ipv6-address ]
reset password-control blacklist [ user-name name ]
reset password-control history-record [ user-name name |
super [ role role name ] ]
56
Remarks
By default, a super password must
contain at least one character type
and at least one character for each
type.