configure account password-policy max-age

configure account [all | name] password-policy max-age [num_days | none]

Description

Configures a time limit for the passwords for specified accounts. The passwords for the default admin account and the failsafe account do not age out.

Syntax Description

all Specifies all accounts (and future users).
name Specifies an account name.
num_days Specifies the length of time that a password can be used. The range is 1 to 365 days.
none Resets the password to never expire.

Default

N/A.

Usage Guidelines

The passwords for the default admin account and the failsafe account never expire.

The time limit is specified in days, from 1 to 365 days. Existing sessions are not closed when the time limit expires; it will not open the next time the user attempts to log in.

When a user logs into an account with an expired password, the system first verifies that the entered password had been valid prior to expiring, and then prompts the user to change the password.

Note

Note

This is the sole time that a user with a user-level (opposed to an administrator-level) account can make any changes to the user-level account.

Using the none option prevents the password for the specified account from ever expiring (it resets the password to the system default of no time limit).

To set a minimum lifespan for passwords, use the configure account [all | name] password-policy min-age [num_days | none] command.

In the case of conflicting settings between these two commands, a setting requiring a password change overrides a setting that prohibits a password change. For example, if max-age is set to 10 days, thus requiring a password change in 10 days, and a min-age is set to 20 days, attempting to forbid a password change until 20 days, the configuration to change the password after 10 days takes precedence over the configuration to not change the password for 20 days.

To view the current selection for the maximum lifespan for passwords, use the show accounts password-policy command.

Example

The following command sets a 3-month time limit for the password for the account marketing:

# configure account marketing password-policy max-age 90

History

This command was first available in ExtremeXOS 11.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.