F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

279

To set global password control parameters:

Ste

p

Command

Remarks

1. Enter system view.

system-view N/A

2. Set the password aging time. password-control aging aging-time

Optional.

90 days by default.

3. Set the minimum password

update interval.

password-control password

update interval interval

Optional.

24 hours by default.

4. Set the minimum password

length.

password-control length length

Optional.

10 characters by default.

At least 8 characters.

5. Configure the password

composition policy.

password-control composition

type-number policy-type

[ type-length type-length ]

Optional.

By default, a password must

contain at least one type of

characters and each type must

contain at least one character.

Composition type-number must be

4 in FIPS mode.

6. Configure the password

complexity checking policy.

password-control complexity

{ same-character | user-name }

check

Optional.

By default, the system does not

perform password complexity

checking.

7. Set the maximum number of

history password records for

each user.

password-control history

max-record-num

Optional.

4 by default.

8. Specify the maximum number

of login attempts and the

action to be taken when a

user fails to log in after the

specified number of attempts.

password-control login-attempt

login-times [ exceed { lock |

lock-time time | unlock } ]

Optional.

By default, the maximum number

of login attempts is 3 and a user

failing to log in after the specified

number of attempts must wait for 1

minute before trying again.

9. Set the number of days during

which the user is notified of

the pending password

expiration.

password-control

alert-before-expire alert-time

Optional.

7 days by default.

10. Set the maximum number of

days and maximum number

of times that a user can log in

after the password expires.

password-control

expired-user-login delay delay

times times

Optional.

By default, a user can log in three

times within 30 days after the

password expires.

11. Set the authentication timeout

time.

password-control

authentication-timeout

authentication-timeout

Optional.

60 seconds by default.

12. Set the maximum account idle

time.

password-control login idle-time

idle-time

Optional.

90 days by default.