HP MSR2000/3000/4000 Router Series Security Configuration Guide
85
To set super password control parameters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the password expiration
time for super passwords.
password-control super aging
aging-time
The default setting is 90 days.
3. Configure the minimum length
for super passwords.
password-control super length
length
• In non-FIPS mode, the default
setting is 10 characters.
• In FIPS mode, the default setting
is 15 characters.
4. Configure the password
composition policy for super
passwords.
password-control super
composition type-number
type-number [ type-length
type-length ]
• In non-FIPS mode, a default
super password must contain at
least one character type and at
least one character for each
type.
• In FIPS mode, a default super
password must at least contain
four character types and at
least one character for each
type.
Displaying and maintaining password control
Execute display commands in any view and reset commands in user view.
Task Command
Display password control configuration. display password-control [ super ]
Display information about users in the
password control blacklist.
display password-control blacklist [ user-name name | ip
ipv4-address | ipv6 ipv6-address ]
Delete users from the password control
blacklist.
reset password-control blacklist [ user-name name ]
Clear history password records.
reset password-control history-record [ user-name name |
super [ role role name ] ]
NOTE:
The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
• An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
• A user can log in five times within 60 days after the password expires.