password-control aging

Use password-control aging to set the password aging time.

Use undo password-control aging to restore the default.


password-control aging aging-time

undo password-control aging


A password expires after 90 days. The password aging time for a user group equals the global setting. The password aging time for a local user equals that of the user group to which the local user belongs.


System view

User group view

Local user view

Predefined user roles




aging-time: Specifies the password aging time in days, in the range of 1 to 365.

Usage guidelines

The aging time depends on the view:

A password aging time with a smaller application scope has higher priority. The system prefers to use the password aging time in local user view for a local user.


# Globally set the passwords to expire after 80 days.

<Sysname> system-view
[Sysname] password-control aging 80 

# Set the passwords for user group test to expire after 90 days.

[Sysname] user-group test
[Sysname-ugroup-test] password-control aging 90
[Sysname-ugroup-test] quit

# Set the password for device management user abc to expire after 100 days.

[Sysname] local-user abc class manage
[Sysname-luser-manage-abc] password-control aging 100

Related commands

display local-user

display password-control

display user-group

password-control aging enable