HP MSR2000/3000/4000 Router Series Security Configuration Guide
82
Ste
p
Command
Remarks
2. Enable the global password
control feature.
password-control enable
By default, the global password
control feature is disabled.
3. (Optional.) Enable a specific
password control function.
password-control { aging |
composition | history | length }
enable
By default, all four password
control functions are enabled.
Setting global password control parameters
The password expiration time, minimum password length, and password composition policy can be
configured in system view, user group view, or local user view. The password settings with a smaller
application scope have higher priority. Global settings in system view apply to the passwords of the local
users in all user groups if you do not configure password policies for these users in both local user view
and user group view.
The password-control login-attempt command takes effect immediately and can affect the users already
in the password control blacklist. Other password control configurations do not take effect on users that
have been logged in or passwords that have been configured.
To set global password control parameters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the password expiration
time.
password-control aging aging-time
The default setting is 90 days.
3. Set the minimum password
update interval.
password-control update-interval
interval
The default setting is 24 hours.
4. Set the minimum password
length.
password-control length length
• In non-FIPS mode, the default
setting is 10 characters.
• In FIPS mode, the default length
is 15 characters.
5. Configure the password
composition policy.
password-control composition
type-number type-number
[ type-length type-length ]
• In non-FIPS mode, a default
password must contain at least
one character type and at least
one character for each type.
• In FIPS mode, a default
password must contain at least
four character types and at
least one character for each
type.
6. Configure the password
complexity checking policy.
password-control complexity
{ same-character | user-name }
check
By default, the system does not
perform password complexity
checking.
7. Set the maximum number of
history password records for
each user.
password-control history
max-record-num
The default setting is 4.