Manualshelf

HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
281282283284285286287288289290
280
Displaying and maintaining password control
Task Command
Remarks
Display password control
configuration information.
display password-control [ super ] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view.
Display information about
users in the password control
blacklist.
display password-control blacklist
[ user-name name | ip ipv4-address |
ipv6 ipv6-address ] [ | { begin | exclude
| include } regular-expression ]
Available in any view.
Delete users from the
password control blacklist.
reset password-control blacklist
[ user-name name ]
Available in user view.
Clear history password
records.
reset password-control history-record
[ user-name name | super [ level level ] ]
Available in user view.
This command can delete the
history password records of one or
all users even when the password
history function is disabled.
Password control configuration example
Network requirements
Configure a global password control policy to meet the following requirements:
An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
A user can log in five times within 60 days after the password expires.
The password aging time is 30 days.
The minimum password update interval is 36 hours.
The maximum account idle time is 30 days.
A password cannot contain the username or the reverse of the username.
No character occurs consecutively three or more times in a password.
Configure a super password control policy to meet the following requirement: A super password must
contain at least three character types and at least five characters for each type.
Configure a password control policy for the local Telnet user test to meet the following requirements:
The password must contain at least 12 characters.
The password must contain at least two character types and at least five characters for each type.
The password aging time is 20 days.
Configuration procedure
# Enable the password control feature globally.
<Firewall> system-view
[Firewall] password-control enable
# Prohibit the user from logging in forever after two successive login failures.