password-control expired-user-login
Use password-control expired-user-login to set the maximum number of days and maximum number of times that a user can log in after the password expires.
Use undo password-control expired-user-login to restore the defaults.
Syntax
password-control expired-user-login delay delay times times
undo password-control expired-user-login
Default
A user can use an expired password to log in three times within 30 days after the password expires. If all the three attempts fail or the user makes a login attempt after 30 days, the system prompts the user to set a new password.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
delay delay: Specifies the maximum number of days during which a user can log in using an expired password. The value range for the delay argument is 1 to 90.
times times: Specifies the maximum number of times a user can log in after the password expires. The value range is 0 to 10. For a user to set a new password at the system prompt immediately after the password expires, set the value to 0.
Usage guidelines
This command is effective only on non-FTP login users. An FTP user cannot continue to log in after its password expires.
Examples
# Allow a user to log in five times within 60 days after the password expires.
<Sysname> system-view [Sysname] password-control expired-user-login delay 60 times 5
Related commands
display password-control