Setting Global Password Control Parameters - HP 10500 Series Configuration Manual
Security configuration guide
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
For security purposes, the system prompts for Telnet, SSH, and terminal users to change their passwords
the first time they log in to the device after the global password control is enabled. Because FTP users can
only have their passwords changed by the administrator, if the administrator does not change passwords
for the FTP users after the global password control is enabled, the FTP users cannot log in to the device.
About the minimum password length:
When global password control is disabled, the minimum password length is one character.
•
•
When global password control is enabled but the minimum password length restriction function is
disabled, the following rules are applied:
In non-FIPS mode, the minimum password length is four characters, and the password must have
at least four different characters.
In FIPS mode, the minimum password length is eight characters, and the password must have at
least four different characters.
•
When global password control and the minimum password length restriction function are both
enabled, the minimum password length is that configured by the password-control length length
command. However, the password must meet the FIPS requirements.
About password history control:
•
When global password control is disabled, or when global password control is enabled but the
password history control is disabled, the device does not record history passwords and allows a
user to set a new password the same as a previously used one.
When global password control and password history control are both enabled, the system records
•
history passwords for users. When a user changes the password, the system compares the new
password against the history passwords and the current password. The new password must be
different from the used ones by at least four characters and the four characters must not be the same.
Otherwise, the user will fail to change the password.
Setting global password control parameters
The action specified the password-control login-attempt command takes effect immediately, and thus
affects the users already in the password control blacklist. Other password control configurations take
effect only for users logging in later and passwords configured later.
To set global password control parameters:
Step
1.
Enter system view.
2.
Set the password aging time.
3.
Set the minimum password
update interval.
4.
Set the minimum password
length.
Command
system-view
password-control aging aging-time
password-control password
update interval interval
password-control length length
288
Remarks
N/A
Optional.
The default setting is 90 days.
Optional.
The default setting is 24 hours.
Optional.
The default setting is 10
characters.
Advertisement
Table of Contents
Troubleshooting
