Configuration Procedure - HPE FlexFabric 7900 Series Security Configuration Manual

•
A super password must contain at least four character types and at least five characters for
each type.
Configure a password control policy for the local Telnet user test to meet the following requirements:
•
The password must contain at least 24 characters.
•
The password must contain at least four character types and at least five characters for each
type.
•
The password for the local user expires after 20 days.

Configuration procedure

# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Disable a user account permanently if a user fails two consecutive login attempts on the user
account.
[Sysname] password-control login-attempt 2 exceed lock
# Set all passwords to expire after 30 days.
[Sysname] password-control aging 30
# Globally set the minimum password length to 16 characters.
[Sysname] password-control length 16
# Set the minimum password update interval to 36 hours.
[Sysname] password-control update-interval 36
# Specify that a user can log in five times within 60 days after the password expires.
[Sysname] password-control expired-user-login delay 60 times 5
# Set the maximum account idle time to 30 days.
[Sysname] password-control login idle-time 30
# Refuse any password that contains the username or the reverse of the username.
[Sysname] password-control complexity user-name check
# Specify that no character can be included three or more times consecutively in a password.
[Sysname] password-control complexity same-character check
# Globally specify that all passwords must each contain at least four character types and at least four
characters for each type.
[Sysname] password-control composition type-number 4 type-length 4
# Set the minimum super password length to 24 characters.
[Sysname] password-control super length 24
# Specify that a super password must contain at least four character types and at least five
characters for each type.
[Sysname] password-control super composition type-number 4 type-length 5
# Configure a super password used for switching to user role network-operator as
123456789ABGFTweuix@#$%! in plain text.
[Sysname] super password role network-operator simple 123456789ABGFTweuix@#$%!
Updating user information. Please wait ... ...
# Create a device management user named test.
[Sysname] local-user test class manage
# Set the service type of the user to Telnet.
54