R21xx-HP FlexFabric 11900 Security Configuration Guide

Configuring password control
Overview
Password control refers to a set of functions provided by the device to manage login and super password
setup, expirations, and updates for device management users, and to control user login status based on
predefined policies.
NOTE:
Local users are divided into two types: device management users and network access users. This feature
applies only to device management users. For more information about local users, see "Configuring
AAA."
To switch from one user role to another, a user must enter a password for authentication. This password
is called a super password. For more information about super passwords, see Fundamentals
Configuration Guide.
Password setting
Minimum password length
You can define the minimum length of user passwords. If a user enters a password that is shorter than the
minimum length, the system rejects the password.
Password composition policy
A password can be a combination of characters from the following types:
Uppercase letters A to Z
Lowercase letters a to z
Digits 0 to 9
32 special characters: blank space, tilde (~), back quote (`), exclamation point (!), at sign (@),
pound sign (#), dollar sign ($), percent sign (%), caret (^), ampersand sign (&), asterisk (*), left
parenthesis ("("), right parenthesis (")"), underscore (_), plus sign (+), minus sign (-), equal sign (=),
left brace ({), right brace (}), vertical bar (|), left bracket ([), right bracket (]), back slash (\), colon
(:), quotation marks ("), semi-colon (;), apostrophe ('), left angle bracket (<), right angle bracket (>),
comma (,), dot (.), and slash (/)
Depending on the system's security requirements, you can set the minimum number of character types a
password must contain and the minimum number of characters for each type.
In non-FIPS mode, there are four password combination levels: 1, 2, 3, and 4. A level 1 password must
contain characters of at least one type, level 2 at least two types, level 3 at least three types, and level
4 at least four types.
In FIPS mode, a password must contain characters of all four types, with at least one character of
each type.
When a user sets or changes a password, the system checks if the password meets the combination
requirement. If not, the operation will fail.
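The composition check described above can be reproduced offline to audit candidate passwords before they are set on the device. The following Python sketch is an added example, not HP's code: the function name, parameters, and sample passwords are hypothetical. It assumes that a character type counts toward the level only when it meets the per-type minimum, and that characters outside the four listed types are rejected.

```python
import string

# The 32 special characters the guide lists; "?" is not one of them.
SPECIAL = set(" ~`!@#$%^&*()_+-={}|[]\\:\";'<>,./")
assert len(SPECIAL) == 32

CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": SPECIAL,
}
ALLOWED = set().union(*CLASSES.values())


def check_password(pw, *, min_length, min_types=1, min_per_type=1, fips=False):
    """Return a list of policy violations; an empty list means accepted."""
    if fips:
        # FIPS mode: all four types, at least one character of each.
        min_types, min_per_type = 4, max(min_per_type, 1)
    problems = []
    if len(pw) < min_length:
        problems.append(f"length {len(pw)} is below the minimum {min_length}")
    # Assumption: characters outside the four listed types are rejected.
    stray = sorted(set(pw) - ALLOWED)
    if stray:
        problems.append(f"characters outside the four types: {stray}")
    # Assumption: a type counts only if it has min_per_type characters.
    counts = {n: sum(ch in chars for ch in pw) for n, chars in CLASSES.items()}
    met = [n for n, c in counts.items() if c >= min_per_type]
    if len(met) < min_types:
        problems.append(f"{len(met)} type(s) satisfied ({met}), need {min_types}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and policy values, not taken from the guide.
    for pw in ("switchadmin1", "Switch#2024x", "Switch?2024x"):
        print(repr(pw), check_password(pw, min_length=10, min_types=3))
```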