Password Control Configuration 577length limitation, the configured minimum password length (if available); theenable/disable state of history password recording, the maximum number of historypassword records, the time when the password history was last cleared; the timeouttime for password authentication; the maximum number of attempts, and theprocessing mode for login attempt failures.If all the password attempts of a user fail, the system adds the user to the blacklist.You can execute the display password-control blacklist command in any view tocheck the names and the IP addresses of such users.Configuring PasswordAgingTo cancel the above configurations, use the corresponding undo commands.You can configure the password aging time when password aging is not yet enabled,but these configured parameters will not take effect.Table 635 Configure password agingOperation Command DescriptionEnter system view system-view —Enable password aging password-control aging enable OptionalBy default, password aging isenabled.Set aging time for superpasswordspassword-control super agingaging-timeOptionalBy default, the aging time is 90days.Set aging time for systemlogin passwordspassword-control agingaging-timeOptionalBy default, the aging time is 90days.Enable the system to alertusers to change theirpasswords when theirpasswords will soon expire,and specify how manydays ahead of theexpiration the system alertsthe users.password-controlalert-before-expire alert-timeBy default, users are alertedseven days ahead of thepassword expiration.Display the informationabout the global passwordcontrol for all usersdisplay password-control You can execute the displaycommand in any view.Display the informationabout the passwordcontrol for superpasswords, including theaging time and minimumpassword length.display password-control super
