Enabling password control

To successfully enable the global password control feature and allow device management users to log in to the device, the device must have sufficient storage space.

Enabling the global password control feature is the prerequisite for all password control configurations to take effect. Then, for a specific password control feature to take effect, enable this password control feature.

After the global password control feature is enabled, you cannot display the password and super password configurations for device management users by using the corresponding display commands. However, the configuration for network access user passwords can be displayed. The first password configured for device management users must contain a minimum of four different characters.

To ensure correct function of password control, configure the device to use NTP to obtain the UTC time. After global password control is enabled, password control will record the UTC time when the password is set. The recorded UTC time might not be consistent with the actual UTC time due to power failure or device reboot. The inconsistency will cause the password expiration feature to malfunction. For information about NTP, see Network Management and Monitoring Configuration Guide.

To enable password control:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable the global password control feature.

password-control enable

  • In non-FIPS mode, the global password control feature is disabled by default.

  • In FIPS mode, the global password control feature is enabled, and cannot be disabled by default.

3. (Optional.) Enable a specific password control feature.

password-control { aging | composition | history | length } enable

By default, all four password control features are enabled.