R2511-HP MSR Router Series Security Command Reference(V5)
527
length: Enables the minimum password length restriction function.
Usage guidelines
For these four functions to take effect, the password control feature must be enabled globally.
You must enable a function for its relevant configurations to take effect. For example, if the minimum
password length restriction function is not enabled, the setting by the password-control length command
does not take effect.
The system stops recording history passwords after you execute the undo password-control history
enable command, but it does not delete the prior records.
If the global password control feature is enabled but the minimum password length restriction function is
disabled, the following rules apply:
• In non-FIPS mode, a password must contain at least four characters and at least four characters must
be different.
• In FIPS mode, a password must contain at least eight characters and at least four characters must be
different.
Examples
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Enable the password composition restriction function.
[Sysname] password-control composition enable
# Enable the password aging function.
[Sysname] password-control aging enable
# Enable the minimum password length restriction function.
[Sysname] password-control length enable
# Enable the password history function.
[Sysname] password-control history enable
Related commands
• password-control enable
• display password-control
password-control aging
Use password-control aging to set the password aging time.
Use undo password-control aging to restore the default.
Syntax
password-control aging aging-time
undo password-control aging
Default
A password expires after 90 days. The password aging time for a user group equals the global setting.
The password aging time for a local user equals that of the user group to which the local user belongs.