1-3Password Control ConfigurationConfiguration PrerequisitesA user PC is connected to the switch to be configured; both devices are operating normally.Configuration TasksThe following sections describe the configuration tasks for password control:z Configuring Password Agingz Configuring the Limitation of Minimum Password Lengthz Configuring History Password Recordingz Configuring a User Login Password in Interactive Modez Configuring Login Attempt Times Limitation and Failure Processing Modez Configuring the Password Authentication Timeout Timez Configuring Password Composition PoliciesAfter the above configuration, you can execute the display password-control command in any view tocheck the information about the password control for all users, including the enabled/disabled state ofpassword aging, the aging time, enabled/disabled state of password composition policy, minimumnumber of types that a password should contain, minimum number of characters of each type, theenabled/disabled state of history password recording, the maximum number of history passwordrecords, the alert time before password expiration, the timeout time for password authentication, themaximum number of attempts, and the processing mode for login attempt failures.If the password attempts of a user fail for several times, the system adds the user to the blacklist. Youcan execute the display password-control blacklist command in any view to check the names andthe IP addresses of such users.Configuring Password AgingTable 1-2 Configure password agingOperation Command DescriptionEnter system view system-view —Enable password aging password-control aging enableOptionalBy default, password aging isenabled.Configure a password agingtime globallypassword-control agingaging-timeOptionalBy default, the aging time is90 days.Configure a password agingtime for a super passwordpassword-control super agingaging-timeOptionalBy default, the aging time is90 days.Enable the system to alertusers to change theirpasswords when theirpasswords will soon expire,and specify how many daysahead of the expiration thesystem alerts the users.password-controlalert-before-expire alert-timeOptionalBy default, users are alertedseven days ahead of thepassword expiration.