Password control configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Task: Display information about users blacklisted due to authentication failure.
Command: display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Delete users from the blacklist.
Command: reset password-control blacklist [ user-name name ]
Remarks: Available in user view

Task: Clear history password records.
Command: reset password-control history-record [ user-name name | super [ level level ] ]
Remarks: Available in user view

NOTE:

The reset password-control history-record command can delete the history password records of one or
all users even when the password history function is disabled.

Password control configuration example

Network requirements

Configure a global password control policy to meet the following requirements:

An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.

A user can log in five times within 60 days after the password expires.

The password aging time is 30 days.

The minimum password update interval is 36 hours.

The maximum account idle time is 30 days.

A password cannot contain the username or the reverse of the username.

No character occurs consecutively three or more times in a password.

Configure a super password control policy to meet the following requirements:

A super password must contain at least three types of valid characters, five or more of each type.

Configure a password control policy for the local Telnet user test to meet the following requirements:

The password must contain at least 12 characters.

The password must contain at least two character types and at least five characters for each type.

The password aging time is 20 days.
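
The composition requirements above can be checked offline against candidate passwords before they are set on the device. The following Python checker is an added example, not part of the H3C manual and not how the device implements the feature. It assumes the four character types are uppercase letters, lowercase letters, digits and everything else, that the username match is case-sensitive, and that the repeated-character rule also applies to super passwords; the function names are hypothetical.

```python
# Added example: offline check of the composition rules listed above.
# Assumptions: character types are upper, lower, digit and "special"
# (everything else); the username comparison is case-sensitive.
from collections import Counter


def char_type(ch):
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    if ch.isdigit():
        return "digit"
    return "special"


def check_password(password, username, min_length=0, type_number=1, type_length=1):
    """Return the list of violated rules (an empty list means the password passes)."""
    problems = []
    if len(password) < min_length:
        problems.append("too-short")
    # Global rule: neither the username nor its reverse may appear in the password.
    if username and (username in password or username[::-1] in password):
        problems.append("contains-username")
    # Global rule: no character occurs three or more times in a row.
    if any(a == b == c for a, b, c in zip(password, password[1:], password[2:])):
        problems.append("repeated-character")
    # Composition: at least type_number types, each with >= type_length characters.
    counts = Counter(char_type(ch) for ch in password)
    if sum(1 for n in counts.values() if n >= type_length) < type_number:
        problems.append("composition")
    return problems


def check_test_user(password):
    # Policy for local user "test": 12+ characters, 2 types, 5 characters per type.
    return check_password(password, "test", min_length=12, type_number=2, type_length=5)


def check_super(password):
    # Super password policy: 3 types, 5 characters per type (no username to compare).
    return check_password(password, "", type_number=3, type_length=5)
```

Note that a 12-character password with a 7/5 split across two types passes the policy for user test, while an 11-character password with three types can still fail both the length and the per-type count.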

Configuration procedure

# Enable the password control feature globally.

<Sysname> system-view

[Sysname] password-control enable

# Prohibit the user from logging in forever after two successive login failures.

[Sysname] password-control login-attempt 2 exceed lock

# Set the password aging time to 30 days for all passwords.
