show accounts password-policy

show accounts password-policy


Displays password policy information for all users on the switch.

Syntax Description

This command has no arguments or variables.



Usage Guidelines

To view the password management information, you must have administrator privileges.

The show accounts password-policy command displays the following information in a tabular format:
  • Global password management parameters applied to new accounts upon creation:
    • Maximum age—The maximum number of days for the passwords to remain valid.
    • History limit—The number of previous password that the switch scans prior to validating a new password.
    • Minimum length—The minimum number of characters in passwords.
    • Character validation—The passwords must be in the specific format required by the configure account password-policy char-validation command.
    • Lockout on login failures—If enabled, the system locks out users after 3 failed login attempts.
    • Accounts locked out—Number of accounts locked out.
  • User Name—The name of the user. This list displays all of the users who have access to the switch.
  • Password Expiry Date—Date the password for this account expires; may be blank.
  • Password Max. age—The number of days originally allowed to passwords on this account; may show None.
  • Password Min. length—The minimum number of characters required for passwords on this account; may show None.
  • Password History Limit—The number of previous passwords the system scans to disallow duplication on this account; may show None.


The following command displays the password management parameters configured for each account on the switch:

# show accounts password-policy

Accounts global configuration(applied to new accounts on creation)
Password Max. age               : None
Password Min. age               : None
Password Min. Different Chars   : 8
Password History limit          : None
Password Min. length            : None
Password Character Validation   : Disabled
Accts. lockout on login failures: Disabled
Lockout time period             : Until Cleared
                   User Name     Expiry       Max. Expiry       Min. Min. Min. Hist  Lockout Lockout Flags
                                 Date         Age  Date         age  len  diff Limit Time    Time
                                 (Max)             (Min)                  char       Config  Remain
-------------------------------- ------------ ---- ------------ ---- ---- ---- ----- ------- ------- -----
                           admin              None              None None    0  None       U       - ---
                            user              None              None None    0  None       U       - ---
Lockout Time Config: (U) Account is locked until cleared via 'clear account <name> lockout'.
Flags: (C) Password character validation enabled, (L) Account locked out,
       (l) Account lockout on login failures enabled


This command was first available in ExtremeXOS 11.2.

Minimum different characters for changed password and minimum lifespan for passwords information was added in ExtremeXOS 30.7.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.