R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

447

Ste

p

Command

Remarks

5. Configure the password

composition policy.

password-control composition

type-number type-number

[ type-length type-length ]

Optional.

• In non-FIPS mode, a default

password must contain at least

one character type and at least

one character for each type.

• In FIPS mode, a default

password must contain four

character types and at least

one character for each type.

6. Configure the password

complexity checking policy.

password-control complexity

{ same-character | user-name }

check

Optional.

By default, the system does not

perform password complexity

checking.

7. Set the maximum number of

history password records for

each user.

password-control history

max-record-num

Optional.

The default setting is 4.

8. Specify the maximum number

of login attempts and the

action to be taken when a

user fails to log in after the

specified number of attempts.

password-control login-attempt

login-times [ exceed { lock |

lock-time time | unlock } ]

Optional.

By default, the maximum number

of login attempts is 3 and a user

failing to log in after the specified

number of attempts must wait for 1

minute before trying again.

9. Set the number of days during

which the user is warned of

the pending password

expiration.

password-control

alert-before-expire alert-time

Optional.

The default setting is 7 days.

10. Set the maximum number of

days and maximum number

of times that a user can log in

after the password expires.

password-control

expired-user-login delay delay

times times

Optional.

By default, a user can log in 3

times within 30 days after the

password expires.

11. Set the authentication timeout

time.

password-control

authentication-timeout

authentication-timeout

Optional.

The default setting is 60 seconds.

12. Set the maximum account idle

time.

password-control login idle-time

idle-time

Optional.

The default setting is 90 days.

Setting user group password control parameters

Ste

p

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a user group and enter

user group view.

user-group group-name N/A

3. Configure the password

aging time for the user group.

password-control aging aging-time

Optional.

By default, the aging time of the

user group is the same as the

global password aging time.