Configures a time limit for the passwords for specified accounts. The passwords for the default admin account and the failsafe account do not age out.
all | Specifies all accounts (and future users). |
name | Specifies an account name. |
num_days | Specifies the length of time that a password can be used. The range is 1 to 365 days. |
none | Resets the password to never expire. |
N/A.
The passwords for the default admin account and the failsafe account never expire.
The time limit is specified in days, from 1 to 365 days. Existing sessions are not closed when the time limit expires; it will not open the next time the user attempts to log in.
When a user logs into an account with an expired password, the system first verifies that the entered password had been valid prior to expiring, and then prompts the user to change the password.
Note
This is the sole time that a user with a user-level (opposed to an administrator-level) account can make any changes to the user-level account.Using the none option prevents the password for the specified account from ever expiring (it resets the password to the system default of no time limit).
To set a minimum lifespan for passwords, use the configure account [all | name] password-policy min-age [num_days | none] command.
In the case of conflicting settings between these two commands, a setting requiring a password change overrides a setting that prohibits a password change. For example, if max-age is set to 10 days, thus requiring a password change in 10 days, and a min-age is set to 20 days, attempting to forbid a password change until 20 days, the configuration to change the password after 10 days takes precedence over the configuration to not change the password for 20 days.
To view the current selection for the maximum lifespan for passwords, use the show accounts password-policy command.
The following command sets a 3-month time limit for the password for the account marketing:
# configure account marketing password-policy max-age 90
This command was first available in ExtremeXOS 11.2.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.