Usage Scenario
Only the user who passes local authentication can change the password. That is, after the administrator has created a local user by running the local-user password command and the user passing local authentication logs in successfully, the user can change the password.
Configuration Impact
After the user that passes local authentication changes the password, the user must type the new password to pass local authentication.
Precautions
The local-user change-password command is used to change the password of a local user. It does not save the configuration, but the result of changing the password is saved through the local-user password command.
A malicious user will try password authentication repeatedly to decrypt the user password. To prevent the user password from being decrypted, run the user-block failed-times command to set the maximum allowed number of successive authentication failures in a specified period of time. If the number of successive authentication failures of a local user in a set period exceeds the allowed number, the local user will be locked. That enhances password security.
A local user attribute change does not apply to online users. The change takes effect after the online users relog in.
After the weak password dictionary maintenance function is enabled, the passwords (which can be queried using the display security weak-password-dictionary command) defined in the weak password dictionary are unavailable.