R21xx-HP FlexFabric 11900 Security Configuration Guide
Displaying and maintaining password control
Execute display commands in any view and reset commands in user view.
Task: Display password control configuration.
Command: display password-control [ super ]

Task: Display information about users in the password control blacklist.
Command: display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ]

Task: Delete users from the password control blacklist.
Command: reset password-control blacklist [ user-name name ]

Task: Clear history password records.
Command: reset password-control history-record [ user-name name | super [ role role-name ] ]
NOTE:
The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.
Password control configuration example
Unless otherwise noted, devices in the configuration example are operating in non-FIPS mode.
Network requirements
Implement the following global password control policy:
• An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
• A user can log in five times within 60 days after the password expires.
• A password expires after 30 days.
• The minimum password update interval is 36 hours.
• The maximum account idle time is 30 days.
• A password cannot contain the username or the reverse of the username.
• No character appears consecutively three or more times in a password.
Implement the following super password control policy required for switching to user role
network-operator: A super password must contain at least three types of valid characters, five or more
characters of each type.
Implement the following password control policy for local Telnet user test:
• The password must contain at least 12 characters.
• The password must consist of at least two types of valid characters, five or more characters of each
type.
• The password for the local user expires after 20 days.
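The composition rules above can be checked offline before a password is set on the device. The following is an added example, not code from the guide or from HP. The names Policy, SUPER, USER_TEST, char_type and violations are hypothetical, and it assumes four character types (uppercase, lowercase, digits, special), a case-insensitive username match, and that a type counts toward the requirement only when it supplies the stated number of characters.

```python
# Added example (not HP/Comware code): pre-check candidate passwords
# against the composition rules in the network requirements above.
import re
import string
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:            # hypothetical container for the page's numbers
    min_length: int = 0  # 0 = no length rule stated on the page
    type_number: int = 1
    type_length: int = 1

SUPER = Policy(type_number=3, type_length=5)
USER_TEST = Policy(min_length=12, type_number=2, type_length=5)

def char_type(c):
    # Assumption: four character types.
    if c in string.ascii_uppercase:
        return "upper"
    if c in string.ascii_lowercase:
        return "lower"
    if c in string.digits:
        return "digit"
    return "special"

def violations(password, username, policy):
    """Return the list of rules the password breaks (empty list = pass)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("length")
    counts = Counter(char_type(c) for c in password)
    # Assumption: a type counts only if it supplies type_length characters.
    if sum(n >= policy.type_length for n in counts.values()) < policy.type_number:
        problems.append("composition")
    # Global rule: no username or reversed username (case-insensitive here).
    low, user = password.lower(), username.lower()
    if user and (user in low or user[::-1] in low):
        problems.append("username")
    # Global rule: no character three or more times in a row.
    if re.search(r"(.)\1\1", password):
        problems.append("repeat")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the guide.
    for pw in ("abcdeABCDE12", "Tset12345abc", "aaabbb11111X", "abcde12345"):
        print(pw, violations(pw, "test", USER_TEST) or "ok")
```

Pass an empty username when checking a super password, since the username rule has nothing to compare against there.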
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable










