R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

251

252

253

254

255

256

257

258

259

260

244

Password control configuration example

Network requirements

Implementing the following global password control policy:

• An FTP or VTY user failing to provide the correct password in two successive login attempts is

permanently prohibited from logging in.

• A user can log in five times within 60 days after the password expires.

• The password aging time is 30 days.

• The minimum password update interval is 36 hours.

• The maximum account idle time is 30 days.

• A password cannot contain the username or the reverse of the username.

• No character occurs consecutively three or more times in a password.

Implementing the following super password control policy:

• A super password must contain at least three types of valid characters, five or more of each type.

Implementing the following password control policy for local Telnet user test:

• The password must contain at least 12 characters.

• The password must consist of at least two types of valid characters, five or more of each type.

• The password aging time is 20 days.

Configuration procedure

# Enable the password control feature globally.

<Sysname> system-view

[Sysname] password-control enable

# Prohibit the user from logging in forever after two successive login failures.

[Sysname] password-control login-attempt 2 exceed lock

# Set the password aging time to 30 days for all passwords.

[Sysname] password-control aging 30

# Set the minimum password update interval to 36 hours.

[Sysname] password-control password update interval 36

# Specify that a user can log in five times within 60 days after the password expires.

[Sysname] password-control expired-user-login delay 60 times 5

# Set the maximum account idle time to 30 days.

[Sysname] password-control login idle-time 30

# Refuse any password that contains the username or the reverse of the username.

[Sysname] password-control complexity user-name check

# Specify that no character of the password can be repeated three or more times consecutively.

[Sysname] password-control complexity same-character check

# Specify that a super password must contain at least 3 types of characters and each type must contain

at least 5 characters.

[Sysname] password-control super composition type-number 3 type-length 5

# Configure a super password.