R0106-HP MSR Router Series Security Configuration Guide(V7)
185
Enabling the global password control feature is the prerequisite for all password control configurations
to take effect. Then, for a specific password control function to take effect, enable this password control
function.
After the global password control feature is enabled, you cannot display the password and super
password configurations for device management users by using the corresponding display commands.
However, the configuration for network access user passwords can be displayed. The first password
configured for device management users must contain at least four different characters.
To enable password control:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the global password
control feature.
password-control enable
• In non-FIPS mode, the global
password control feature is
disabled by default.
• In FIPS mode, the global
password control feature is
enabled, and cannot be
disabled by default.
3. (Optional.) Enable a specific
password control function.
password-control { aging |
composition | history | length }
enable
By default, all four password
control functions are enabled.
Setting global password control parameters
The password expiration time, minimum password length, and password composition policy can be
configured in system view, user group view, or local user view. The password settings with a smaller
application scope have higher priority. Global settings in system view apply to the passwords of the local
users in all user groups if you do not configure password policies for these users in both local user view
and user group view.
The password-control login-attempt command takes effect immediately and can affect the users already
in the password control blacklist. Other password control configurations do not take effect on users that
have been logged in or passwords that have been configured.
To set global password control parameters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the password expiration
time.
password-control aging aging-time
The default setting is 90 days.
3. Set the minimum password
update interval.
password-control update interval
interval
The default setting is 24 hours.
4. Set the minimum password
length.
password-control length length
• In non-FIPS mode, the default
setting is 10 characters.
• In FIPS mode, the default length
is 15 characters.