Usage Scenario
To improve password security,
the administrator can use this command to set the validity period
for local user's password. When the validity period expires, the password
becomes invalid.
If the local user still uses this password
to log in to the device, the device allows the user to log in, prompts
the user that the password has expired, and asks the user whether
to change the password:
- If the user selects Y, the user needs to enter the old
password, new password, and confirm password. The password can be
successfully changed only when the old password is correct and the
new password and confirm password are the same and meet requirements
(password length and complexity). After the password is changed, the
user can log in to the device successfully.
- If the user selects N or fails to change the password,
the user cannot log in.
Precautions
Changing the system time will
affect the password validity status.
After this command is executed,
the device checks whether the password expires every minute; therefore,
there may be a time difference within 1 minute.
In V200R010C00 and later versions, when the device starts with the default configurations, it automatically performs the following configurations and saves the configurations to the configuration file:
- Run the local-aaa-user password policy administrator command to enable the password policy for local administrators.
- Run the password expire 0 command to configure the passwords of local administrators to be permanently valid.
- Run the password history record number 0 command to configure the device not to check whether a changed password of a local administrator is the same as any historical password.