108To enable password control:Step Command Remarks1. Enter system view. system-view N/A2. Enable the global passwordcontrol feature. password-control enable By default, the global passwordcontrol feature is disabled.3. (Optional.) Enable a specificpassword control function.password-control { aging |composition | history | length }enableBy default, all four passwordcontrol functions are enabled.Setting global password control parametersThe password expiration time, minimum password length, and password composition policy can beconfigured in system view, user group view, or local user view. The password settings with a smallerapplication scope have higher priority. Global settings in system view apply to the passwords of the localusers in all user groups if you do not configure password policies for these users in both local user viewand user group view.The password-control login-attempt command takes effect immediately and can affect the users alreadyin the password control blacklist. Other password control configurations do not take effect on users thathave been logged in or passwords that have been configured.To set global password control parameters:Step Command Remarks1. Enter system view. system-view N/A2. Set the password expirationtime. password-control aging aging-time The default setting is 90 days.3. Set the minimum passwordupdate interval.password-control update intervalinterval The default setting is 24 hours.4. Set the minimum passwordlength. password-control length length• In non-FIPS mode, the defaultlength is 10 characters.• In FIPS mode, the default lengthis 15 characters.5. Configure the passwordcomposition policy.password-control compositiontype-number type-number[ type-length type-length ]• In non-FIPS mode, a defaultpassword must contain at leastone character type and at leastone character for each type.• In FIPS mode, a defaultpassword must contain fourcharacter types and at leastone character for each type.6. Configure the passwordcomplexity checking policy.password-control complexity{ same-character | user-name }checkBy default, the system does notperform password complexitychecking.7. Set the maximum number ofhistory password records foreach user.password-control historymax-record-num The default setting is 4.