Usage Scenario
After a local user is created using the
local-user command, the minimum length and complexity of the password are limited. If you want to improve password security, you can run the following commands to configure the password policy for the local administrators:
- Run the password expire command to set the password validity period.
- Run the password alert before-expire command to set the password expiration prompt days.
- Run the password alert original command to enable the device to prompt users to change initial passwords.
- Run the password history record number command to set the maximum number of previously used passwords recorded for each user.
Precautions
After the undo local-aaa-user password policy administrator command is executed, the administrator password policy will be disabled, causing a security risk.
In V200R010C00 and later versions, when the device starts with the default configurations, it automatically performs the following configurations and saves the configurations to the configuration file:
- Run the local-aaa-user password policy administrator command to enable the password policy for local administrators.
- Run the password expire 0 command to configure the passwords of local administrators to be permanently valid.
- Run the password history record number 0 command to configure the device not to check whether a changed password of a local administrator is the same as any historical password.