R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
NOTE:
After global password control is enabled, local user passwords configured on the firewall are not displayed when you use the corresponding display command.
Setting global password control parameters
Each step below gives the command to enter, followed by remarks.

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Set the password aging time.
   Command: password-control aging aging-time
   Remarks: Optional. 90 days by default.

3. Set the minimum password update interval.
   Command: password-control password update interval interval
   Remarks: Optional. 24 hours by default.

4. Set the minimum password length.
   Command: password-control length length
   Remarks: Optional. 10 characters by default. A password must contain at least eight characters.

5. Configure the password composition policy.
   Command: password-control composition type-number policy-type [ type-length type-length ]
   Remarks: Optional. By default, a password must contain at least one type of character and each type must contain at least one character. In FIPS mode, a password must contain four types of characters.

6. Configure the password complexity checking policy.
   Command: password-control complexity { same-character | user-name } check
   Remarks: Optional. By default, the system does not perform password complexity checking.

7. Set the maximum number of history password records for each user.
   Command: password-control history max-record-num
   Remarks: Optional. 4 by default.

8. Specify the maximum number of login attempts and the action to be taken when a user fails to log in after the specified number of attempts.
   Command: password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
   Remarks: Optional. By default, the maximum number of login attempts is 3 and a user failing to log in after the specified number of attempts must wait for one minute before trying again.

9. Set the number of days during which the user is warned of the pending password expiration.
   Command: password-control alert-before-expire alert-time
   Remarks: Optional. 7 days by default.

10. Set the maximum number of days and maximum number of times that a user can log in after the password expires.
   Command: password-control expired-user-login delay delay times times
   Remarks: Optional. By default, a user can log in three times within 30 days after the password expires.
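
An added example, not part of the HP guide: a Python check that reads a saved configuration, resolves the effective global password-control settings from the defaults given in the Remarks above, and reports the settings that fall short of a site baseline. The baseline values, the sample configuration, and the assumption that commands inside a sub-view are indented in the saved file are illustrative, not taken from the guide.

```python
import re

# Defaults from the Remarks given for each step above; an unset command keeps its default.
DEFAULTS = {"aging_days": 90, "update_interval_hours": 24, "min_length": 10,
            "type_number": 1, "type_length": 1, "history": 4, "login_attempts": 3,
            "alert_days": 7, "expired_delay_days": 30, "expired_times": 3,
            "check_same_character": False, "check_user_name": False}
# Command syntax from the steps above, matched after the "password-control " prefix.
RULES = [
    (r"aging (\d+)$", ["aging_days"]),
    (r"password update interval (\d+)$", ["update_interval_hours"]),
    (r"length (\d+)$", ["min_length"]),
    (r"composition type-number (\d+)(?: type-length (\d+))?$", ["type_number", "type_length"]),
    (r"complexity same-character (check)$", ["check_same_character"]),
    (r"complexity user-name (check)$", ["check_user_name"]),
    (r"history (\d+)$", ["history"]),
    (r"login-attempt (\d+)(?: exceed .+)?$", ["login_attempts"]),
    (r"alert-before-expire (\d+)$", ["alert_days"]),
    (r"expired-user-login delay (\d+) times (\d+)$", ["expired_delay_days", "expired_times"]),
]

def effective_policy(config_text):
    policy = dict(DEFAULTS)
    for line in config_text.splitlines():
        for pattern, keys in RULES:
            # Anchored at column 0: indented sub-view lines (assumed per-user) are skipped.
            m = re.match("password-control " + pattern, line.rstrip())
            if m:
                for key, value in zip(keys, m.groups()):
                    if value is not None:
                        policy[key] = int(value) if value.isdigit() else True
                break
    return policy

# Hypothetical site baseline (an assumption, not from the guide).
BASELINE = {"min_length": lambda v: v >= 12, "type_number": lambda v: v >= 3,
            "aging_days": lambda v: v <= 90, "check_user_name": lambda v: v is True}

def audit(config_text, baseline=BASELINE):
    policy = effective_policy(config_text)
    return {k: policy[k] for k, ok in baseline.items() if not ok(policy[k])}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
password-control length 12
password-control composition type-number 2 type-length 3
password-control login-attempt 5 exceed lock-time 30
local-user admin
 password-control length 8"""
```

An empty result from `audit` means every baseline predicate passed; settings that never appear in the file are judged at their default values.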