R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

461

462

463

464

465

466

467

468

469

470

450

Task Command

Remarks

Clear history password records.

reset password-control

history-record [ user-name name |

super [ level level ] ]

Available in user view.

This command can delete the

history password records of one or

all users even when the password

history function is disabled.

Password control configuration example

Network requirements

Configure a global password control policy to meet the following requirements:

• An FTP or VTY user failing to provide the correct password in two successive login attempts is

permanently prohibited from logging in.

• A user can log in five times within 60 days after the password expires.

• A password expires after 30 days.

• The minimum password update interval is 36 hours.

• The maximum account idle time is 30 days.

• A password cannot contain the username or the reverse of the username.

• No character appears consecutively three or more times in a password.

Configure a super password control policy to meet the following requirements: A super password must

contain at least three character types and at least five characters for each type.

Configure a password control policy for the local Telnet user test to meet the following requirements:

• The password must contain at least 12 characters.

• The password must contain at least two character types and at least five characters for each type.

• The password for the local user expires after 20 days.

Configuration procedure

# Enable the password control feature globally.

<Sysname> system-view

[Sysname] password-control enable

# Prohibit the user from logging in forever after two successive login failures.

[Sysname] password-control login-attempt 2 exceed lock

# Globally set all passwords to expire after 30 days.

[Sysname] password-control aging 30

# Set the minimum password update interval to 36 hours.

[Sysname] password-control password update interval 36

# Specify that a user can log in five times within 60 days after the password expires.

[Sysname] password-control expired-user-login delay 60 times 5

# Set the maximum account idle time to 30 days.

[Sysname] password-control login idle-time 30

# Refuse any password that contains the username or the reverse of the username.

[Sysname] password-control complexity user-name check