| min-password length <6–128> | Specifies the minimum number of characters of a password that is to be allowed for users or SNMP users. Does not apply to passwords that have already been set.Default: 6 |
| complexity <1–4> | Specifies how complex users must make their passwords. The following is a description of the values:1disables complexity checking.2requires that passwords are comprised of a minimum of two character types—for example, abcABC.3requires that passwords are comprised of a minimum of three character types—for example, ab1ABC.4requires that passwords are comprised of a minimum of four character types—for example, ab1AB#.Default: 3 |
| palindrome-check <on | off> | Checks for passwords that are read the same left to right or right to left, such as racecar or the phrase “straw warts”.Default: on |
| history-checking <on | off> | Enables a check for passwords being reused.Default: on |
| history-length <1–1000> | Specifies the number of past passwords that will be kept and checked against for reuse for each user.Default: 10 |
| password-expiration <never | 1–1827> | Specifies the number of days since the last password change before a user is required to set a new password.Default: never |
| expiration-warning-days <1–366> | Specifies the number of days before a password expires that a user starts receiving warnings that the password is due to expire.Default: 7 |
| expiration-lockout-days <never | 1–1827> | Specifies the number of days after password expiration that a user is locked out if the user has not set a new password.Default: never |
| force-change-when <no | password | first-password> | Specifies whether to force users to change their passwords.▪no disables forcing a user to change an assigned password at login.▪password forces a user to change a password after an administrator sets it with the set user command or with the Network Voyager User Management page. The forced password change does not apply to passwords set by the user through a self-password change.▪first-password forces a new user to change their password from the initial password assigned by the administrator when the user account was created.Default: no |
| deny-on-fail enable <on | off> | Locks out a user after a configurable number of failed logins. When you enable this feature, keep in mind that it leaves you open to a Denial-of-Service attack by someone issuing unsuccessful login attempts.Default: off |
| deny-on-fail failuresallowed <2–1000> | Sets the number of failed logins a user can have before being locked out.Default: 10 |
| deny-on-fail allow-after <60–604800> | Sets the number of seconds a user must wait before being able to log in after being locked out because of failed logins.Default: 1200 |
| deny-on-nonuse enable <on | off> | Enables locking out users who have not logged in during a configurable amount of time.Default: off |
| deny-on-nonuse alloweddays <30–1827> | Sets the number of days after a user has last logged in before they are locked out.Default: 365 |
