4000 Router Series Security Command Reference

117

Views

System view

Predefined user roles

network-admin

Usage guidelines

A specific password control function takes effect only after the global password control feature is

enabled.

After the global password control feature is enabled, you cannot display the password and super

password configurations for device management users by using the corresponding display commands.

However, the configuration for network access user passwords can be displayed. The first password

configured for device management users must contain at least four different characters.

Examples

# Enable the password control feature globally.

<Sysname> system-view

[Sysname] password-control enable

Related commands

• display password-control

• password-control { aging | composition | history | length } enable

password-control expired-user-login

Use password-control expired-user-login to set the maximum number of days and maximum number of

times that a user can log in after the password expires.

Use undo password-control expired-user-login to restore the defaults.

Syntax

password-control expired-user-login delay delay times times

undo password-control expired-user-login

Default

A user can log in three times within 30 days after the password expires.

Views

System view

Predefined user roles

network-admin

Parameters

delay delay: Sets the maximum number of days during which a user can log in using an expired

password. The value range for the delay argument is 1 to 90.

times times: Sets the maximum number of times a user can log in after the password expires. The value

range is 0 to 10 and 0 means that a user cannot log in after the password expires.