R3303-HP HSR6800 Routers Security Configuration Guide
193
{ Password composition checking
To enable password control:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the global password
control feature.
password-control enable
By default, the global password
control feature is disabled.
3. Enable a specific password
control function.
password-control { aging |
composition | history | length }
enable
Optional.
All of the four password control
functions are enabled by default.
After global password control is enabled, local user passwords configured on the device are not
displayed when you use the corresponding display command.
Setting global password control parameters
The action specified by the password-control login-attempt command takes effect immediately and
affects the users already in the password control blacklist. Other password control configurations take
effect only on users logging in later and passwords configured later.
To set global password control parameters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the password aging time.
password-control aging aging-time
Optional.
90 days by default.
3. Set the minimum password
update interval.
password-control password
update interval interval
Optional.
24 hours by default.
4. Set the minimum password
length.
password-control length length
Optional.
10 characters by default.
5. Configure the password
composition policy.
password-control composition
type-number type-number
[ type-length type-length ]
Optional.
• In non-FIPS mode:
By default, a password must
contain at least one type of
characters and each type must
contain at least one character.
• In FIPS mode:
By default, a password must
contain four types of characters
and each type must contain at
least one character.
6. Configure the password
complexity checking policy.
password-control complexity
{ same-character | user-name }
check
Optional.
By default, the system does not
perform password complexity
checking.