password-control expired-user-login

Use password-control expired-user-login to set the maximum number of days and maximum number of times that a user can log in after the password expires.

Use undo password-control expired-user-login to restore the defaults.

Syntax

password-control expired-user-login delay delay times times

undo password-control expired-user-login

Default

A user can use an expired password to log in three times within 30 days after the password expires. If all the three attempts fail or the user makes a login attempt after 30 days, the system prompts the user to set a new password.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

delay delay: Specifies the maximum number of days during which a user can log in using an expired password. The value range for the delay argument is 1 to 90.

times times: Specifies the maximum number of times a user can log in after the password expires. The value range is 0 to 10. For a user to set a new password at the system prompt immediately after the password expires, set the value to 0.

Usage guidelines

This command is effective only on non-FTP login users. An FTP user cannot continue to log in after its password expires.

Examples

# Allow a user to log in five times within 60 days after the password expires.

<Sysname> system-view
[Sysname] password-control expired-user-login delay 60 times 5

Related commands

display password-control