Views
System view, user group view, local user view
Predefined user roles
network-admin
Parameters
same-character: Refuses a password that contains any character appearing consecutively three or more
times. For example, the password aaabc is not complex enough.
user-name: Refuses a password that contains the username or the reverse of the username. For example,
if the username is 123, a password such as abc123 or 321df is not complex enough.
Usage guidelines
The password complexity checking policy depends on the view:
The policy in system view has global significance and applies to all user groups.
•
The policy in user group view applies to all local users in the user group.
•
The policy in local user view applies only to the local user.
•
A password complexity checking policy with a smaller application scope has higher priority. The system
prefers to use the password complexity checking policy in local user view for a local user.
If no policy is configured for the local user, the system uses the policy for the user group to which the
•
local user belongs.
If no policy is configured for the user group, the system uses the global policy.
•
You can enable both username checking and repeated character checking.
After the password complexity checking is enabled, complexity-incompliant passwords will be refused.
Examples
# Configure the password complexity checking policy, refusing any password that contains the username
or the reverse of the username.
<Sysname> system-view
[Sysname] password-control complexity user-name check
Related commands
display local-user
•
display password-control
•
•
display user-group
password-control composition
Use password-control composition to configure the password composition policy.
Use undo password-control composition to restore the default.
Syntax
password-control composition type-number type-number [ type-length type-length ]
undo password-control composition
77