R0106-HP MSR Router Series Security Configuration Guide(V7)
189
Task Command
Display information about users in the
password control blacklist.
display password-control blacklist [ user-name name | ip
ipv4-address | ipv6 ipv6-address ]
Delete users from the password control
blacklist.
reset password-control blacklist [ user-name name ]
Clear history password records.
reset password-control history-record [ user-name name |
super [ role role name ] ]
NOTE:
The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
• A password must contain at least 16 characters.
• A password must contain at least four character types and at least four characters for each type.
• An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
• A user can log in five times within 60 days after the password expires.
• A password expires after 30 days.
• The minimum password update interval is 36 hours.
• The maximum account idle time is 30 days.
• A password cannot contain the username or the reverse of the username.
• No character appears consecutively three or more times in a password.
Configure a super password control policy for user role network-operator to meet the following
requirements:
• A super password must contain at least 24 characters.
• A super password must contain at least four character types and at least five characters for each
type.
Configure a password control policy for the local Telnet user test to meet the following requirements:
• The password must contain at least 24 characters.
• The password must contain at least four character types and at least five characters for each type.
• The password for the local user expires after 20 days.
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable