Password control configuration example
Network requirements
Implement the following global password control policy:
• An FTP or VTY user failing to provide the correct password in two successive login attempts is permanently prohibited from logging in.
• A user can log in five times within 60 days after the password expires.
• The password expires after 30 days.
• The minimum password update interval is 36 hours.
• The maximum account idle time is 30 days.
• A password cannot contain the username or the reverse of the username.
• No character occurs consecutively three or more times in a password.
Implement the following super password control policy: A super password must contain at least three types of valid characters, five or more of each type.
Implement the following password control policy for local Telnet user test:
• The password must contain at least 12 characters.
• The password must consist of at least two types of valid characters, five or more of each type.
• The password for the local user expires after 20 days.
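The composition and complexity rules listed above can be checked offline before a candidate password is typed into the device. The following Python sketch is an added example, not part of the original guide or of the device software. It assumes that the four character types are uppercase letters, lowercase letters, digits and special characters, that the username comparison ignores case, and that a type counts toward the required number only when it has at least the required number of characters. The names violations, SUPER and TEST_USER are hypothetical.

```python
import string

def type_counts(password):
    """Count characters per type (assumed types: upper, lower, digit, special)."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts

def has_run(password, run=3):
    """True if any character occurs `run` or more times consecutively."""
    streak = 1
    for prev, cur in zip(password, password[1:]):
        streak = streak + 1 if cur == prev else 1
        if streak >= run:
            return True
    return False

def violations(password, username=None, min_length=0, type_number=1, type_length=1):
    """Return the names of the policy rules that the candidate password breaks."""
    found = []
    if len(password) < min_length:
        found.append("length")
    # Global rule: no username or reversed username. Comparing without regard
    # to case is an assumption of this example.
    if username:
        low, user = password.lower(), username.lower()
        if user in low or user[::-1] in low:
            found.append("username")
    # Global rule: no character three or more times in a row.
    if has_run(password):
        found.append("same-character")
    # Composition: enough types, each with at least type_length characters.
    qualifying = sum(1 for n in type_counts(password).values() if n >= type_length)
    if qualifying < type_number:
        found.append("composition")
    return found

# Policies from the requirements above; the passwords tested against them are constructed.
SUPER = dict(type_number=3, type_length=5)
TEST_USER = dict(username="test", min_length=12, type_number=2, type_length=5)
```

An empty list from violations() means the candidate satisfies every rule modeled here; aging, idle-time and login-attempt limits are enforced by the device and are not modeled.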
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Prohibit the user from logging in forever after two successive login failures.
[Sysname] password-control login-attempt 2 exceed lock
# Globally set all passwords to expire after 30 days.
[Sysname] password-control aging 30
# Set the minimum password update interval to 36 hours.
[Sysname] password-control password update interval 36
# Specify that a user can log in five times within 60 days after the password expires.
[Sysname] password-control expired-user-login delay 60 times 5
# Set the maximum account idle time to 30 days.
[Sysname] password-control login idle-time 30
# Refuse any password that contains the username or the reverse of the username.
[Sysname] password-control complexity user-name check
# Specify that no character of the password can be repeated three or more times consecutively.
[Sysname] password-control complexity same-character check
# Specify that every super password must contain at least three types of valid characters and at least five characters of each type.
[Sysname] password-control super composition type-number 3 type-length 5
# Configure a super password.