enable user
-
- Last UpdatedAug 13, 2021
- 3 minutes read
Configures login and password parameters specific to a user.
Three login attempts are allowed.
Three minutes of recovery time is enforced before re-enabling user accounts.
In CC mode, the default recovery time is 3 seconds.
The ICX device stores the last five user passwords for each user.
disable-on-login-failure
invalid-attempts
| Specifies the number of login attempts before a user is locked out (disabled). The range is from 1 through 10. The default is 3.
|
login-recovery-time
{
in-hours
|
in-mins
|
in-secs
}
recovery-time
| Specifies the recovery time in designated units (hours, minutes, or seconds) after which the locked-out user accounts are re-enabled automatically. The valid range for
in-hours is 1 through 2. The valid range for
in-minutes is 3 through 120. The valid range for
in-seconds is 2 through 7200.
|
password-aging
| Enables password aging.
|
password-history
previous-passwords
| Specifies how many previous passwords should be stored. The range is from 1 through 15. The default is 5.
|
password-masking
| Enables password masking.
|
Global configuration mode
When password masking is enabled, the CLI displays an asterisk (*) on the console instead of the actual password character entered.
When password aging is enabled, the software records the system time that each user password was configured or last changed. After 180 days, the CLI automatically prompts users to change their passwords when they attempt to sign on. The time displays in the output of the show running configuration command, indicated by set-time.
When changing a user password, the user cannot use any of the five previously configured passwords. You can configure the ICX device to store up to 15 passwords for each user, so that users do not use the same password multiple times. If a user attempts to use a password that is stored, the system prompts the user to choose a different password.
If a user fails to log in after three attempts, that user is locked out. You can increase or decrease the number of login attempts before the user is locked-out.
The no form of the command removes the login and password configurations.
The no form of enable user disable-on-login-failure disables both the maximum number of login attempts and recovery time configurations. To disable only the recovery time configuration, use the no enable user { disable-on-login-failure [ invalid-attempts login-recovery-time recovery-time ] } command.
The following example sets the number of login attempts for a user to 10.
device(config)# enable user disable-on-login-failure 10The following example configures the user account to automatically re-enable the locked-out users after 5 minutes of the lockout.
device(config)# enable user disable-on-login-failure 4 login-recovery-time in-mins 5The following example shows enables password aging.
device(config)# enable user password-aging
The following example enables password masking. The following example shows how the CLI displays an asterisk (*) on the console instead of the actual password character entered.
device(config)# enable user password-masking
device(config)# username xyz password
Enter Password: ********
The following example configures the device to store up to 10 previous passwords.
device(config)# enable user password-history 10
| Release version | Command history |
|---|---|
| 08.0.40 | The command was modified to include the login-recovery-time recovery-time option. |
| 08.0.70 | The command was modified to specify recovery-time in hours, minutes, or seconds. The default recovery-time in CC mode was changed to 3 seconds. |