Password Control Configuration Example; Network Requirements; Configuration Procedure - HP VSR1000 Security Configuration Manual
Virtual services router
Hide thumbs
Also See for VSR1000:
- Configuration manual (463 pages) ,
- High availability configuration manual (91 pages) ,
- Layer 2 - wan access command reference (50 pages)
Table of Contents
Advertisement
NOTE:
The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
•
A password must contain at least 16 characters.
A password must contain four character types and at least four character for each type.
•
An FTP or VTY user failing to provide the correct password in two successive login attempts is
•
permanently prohibited from logging in.
•
A user can log in five times within 60 days after the password expires.
A password expires after 30 days.
•
The minimum password update interval is 36 hours.
•
The maximum account idle time is 30 days.
•
A password cannot contain the username or the reverse of the username.
•
•
No character appears consecutively three or more times in a password.
Configure a super password control policy for user role network-operator to meet the following
requirements:
•
A super password must contain at least 24 characters.
A super password must contain four character types and at least five characters for each type.
•
Configure a password control policy for the local Telnet user test to meet the following requirements:
The password must contain at least 24 characters.
•
The password must contain four character types and at least five characters for each type.
•
•
The password for the local user expires after 20 days.
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Disable a user account permanently if a user fails two consecutive login attempts on the user account.
[Sysname] password-control login-attempt 2 exceed lock
# Set all passwords to expire after 30 days.
[Sysname] password-control aging 30
# Globally set the minimum password length to 16 characters.
[Sysname] password-control length 16
# Set the minimum password update interval to 36 hours.
[Sysname] password-control update-interval 36
120
- Quick Links:
- Configuring the Device as an Ssh...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
