This section provides a sample of configuring security of the local user password using the merge method.
Operation |
XPATH |
|---|---|
edit-config:merge |
|
Item |
Data |
Description |
|---|---|---|
Password policy of the local administrator |
|
Enable the password policy for the local administrator, set the password expiration period to 90 days, configure the system to prompt users to change the password 5 days before the password expires, enable the initial password change prompt function, and set the maximum number of historical passwords recorded for each user to 5. |
Password policy for local access users |
|
Enable the password policy for local access users and set the maximum number of historical passwords recorded for each user to 5. |
| Local account locking function |
|
Enable the function of locking the password of the local account, and set the user retry interval to 5 minutes, maximum number of consecutive incorrect password attempts to 3, and account locking time to 10 minutes. |
| Whether to enable the password complexity check | true | Enable the password complexity check. |
<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<hw-user-management:user-management xmlns:hw-user-management="urn:huawei:params:xml:ns:yang:huawei-user-management">
<hw-user-management:administrator-password-police>
<hw-user-management:enable>true</hw-user-management:enable>
<hw-user-management:expire-day>90</hw-user-management:expire-day>
<hw-user-management:alert-expire-day>5</hw-user-management:alert-expire-day>
<hw-user-management:alert-original>true</hw-user-management:alert-original>
<hw-user-management:history-record-number>5</hw-user-management:history-record-number>
</hw-user-management:administrator-password-police>
<hw-user-management:user-password-police>
<hw-user-management:enable>true</hw-user-management:enable>
<hw-user-management:history-record-number>5</hw-user-management:history-record-number>
</hw-user-management:user-password-police>
<hw-user-management:wrong-password-police>
<hw-user-management:retry-interval>5</hw-user-management:retry-interval>
<hw-user-management:retry-times>3</hw-user-management:retry-times>
<hw-user-management:block-time>10</hw-user-management:block-time>
</hw-user-management:wrong-password-police>
<hw-user-management:password-option>
<hw-user-management:complexity-check>true</hw-user-management:complexity-check>
</hw-user-management:password-option>
</hw-user-management:user-management>
</config>
</edit-config>
</rpc>
Sample of successful response
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123"> <ok/> </rpc-reply>
Sample of failed response
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-path>/huawei-user-management:user-management/administrator-password-police/expire-day</error-path>
<error-message>parse rpc config error.(Value "1000" does not satisfy the constraint "0..999" (range, length, or pattern).).</error-message>
</rpc-error>
</rpc-reply>