Operation
Command
Description
Create a local user or enter
local user view
local-user
user-name
—
Configure a password aging
time for the local user
password-control aging
aging-time
Optional
By default, the aging time is
90 days.
In this section, you must note the effective range of the same commands when executed in different
views or to different types of passwords:
z
Global settings in system view apply to all local user passwords and super passwords.
z
Settings in the local user view apply to the local user password only.
z
Settings on the parameters of the super passwords apply to super passwords only.
The priority of these settings is as follows:
z
For local user passwords, the settings in local user view override those in system view unless the
former are not provided.
z
For super passwords, the separate settings for super password override those in system view
unless the former are not provided.
After password aging is enabled, the device will decide whether the user password ages out when a
user logging into the system is undergoing the password authentication. This has three cases:
1) The password has not expired. The user logs in before the configured alert time. In this case, the
user logs in successfully.
2) The password has not expired. The user logs in after the configured alert time. In this case, the
system alerts the user to the remaining time (in days) for the password to expire and prompts the
user to change the password.
z
If the user chooses to change the password and changes it successfully, the system records the
new password, restarts the password aging, and allows the user to log in at the same time.
z
If the user chooses not to change the password, the system allows the user to log in. If the user
chooses to change the password but fails in modification, the system logs out the user after the
maximum number of attempts is reached.
3) The password has already expired. In this case, the system alerts the user to the expiration,
requires the user to change the password, and requires the user to change the password again if
the user inputs an inappropriate password or the two input passwords are inconsistent.