Automatically expiring login credentials on extreme switches

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
is there any way if  username/password can automatically expire for specific duration. on extreme switches
Photo of Neeraj singh

Neeraj singh

  • 240 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
You can set a password max age for a particular account. 

# configure account "user" password-policy max-age  
none            No maximum age enforced for password
<num_days>      Maximum age of password, between 1 and 365 days
Photo of Neeraj singh

Neeraj singh

  • 240 Points 100 badge 2x thumb
this is applicable for all extreme switches ?
Photo of Drew C.

Drew C., Community Manager

  • 38,610 Points 20k badge 2x thumb
The command Kevin shared is for all EXOS switches.
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
My apology.

I think this is not what you are looking for. More clarity here. The command previousely mentioned will expire an existing password in a specified period of time but then prompt a user to change a new password. The user will be able to continue to login with the new password. 

If you want to invalidate a password, I think a timer-based UPM script would be an option.  
Photo of Drew C.

Drew C., Community Manager

  • 38,610 Points 20k badge 2x thumb
Moving to RADIUS mgmt-access is another good way to do this.  If the credentials on the server-side have expired, they aren't valid on the switch until the user resets their password (at least with Active Directory).