R0106-HP MSR Router Series Security Configuration Guide(V7)
186
Ste
p
Command
Remarks
5. Configure the password
composition policy.
password-control composition
type-number type-number
[ type-length type-length ]
• In non-FIPS mode, a default
password must contain at least
one character type and at least
one character for each type.
• In FIPS mode, a default
password must contain at least
four character types and at
least one character for each
type.
6. Configure the password
complexity checking policy.
password-control complexity
{ same-character | user-name }
check
By default, the system does not
perform password complexity
checking.
7. Set the maximum number of
history password records for
each user.
password-control history
max-record-num
The default setting is 4.
8. Configure the login attempt
limit.
password-control login-attempt
login-times [ exceed { lock |
lock-time time | unlock } ]
By default, the maximum number
of login attempts is 3 and a user
failing to log in after the specified
number of attempts must wait for 1
minute before trying again.
9. Set the number of days during
which a user is notified of the
pending password expiration.
password-control
alert-before-expire alert-time
The default setting is 7 days.
10. Set the maximum number of
days and maximum number of
times that a user can log in
after the password expires.
password-control
expired-user-login delay delay
times times
By default, a user can log in three
times within 30 days after the
password expires.
11. Set the maximum account idle
time.
password-control login idle-time
idle-time
The default setting is 90 days.
Setting user group password control parameters
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a user group and enter
user group view.
user-group group-name
By default, no user group exists.
For information about how to
configure a user group, see
"Configuring AAA."
3. Configure the password
expiration time for the user
group.
password-control aging aging-time
By default, the password
expiration time of the user group
equals the global password
expiration time.
4. Configure the minimum
password length for the user
group.
password-control length length
By default, the minimum password
length of the user group equals the
global minimum password length.