201
characters (see "
"), and each type of characters in the password must contain at least one
character.
In FIPS mode, the global password composition policy is as follows: A password must contain four
types of characters from uppercase letters, lowercase letters, digits and special characters, and
each type contains at least one character.
In both FIPS and non-FIPS mode, the password composition policy of a user group is the same as
the global policy, and the password composition policy of a local user is the same as that of the user
group to which the local user belongs.
Views
System view, user group view, local user view
Default command level
2: System level
Parameters
type-number
type-number
: Specifies the minimum number of character types that a password must
contain. The value range for the
type-number
argument is 1 to 4 in non-FIPS mode. The value for the
type-number
argument is fixed to 4 in FIPS mode.
type-length
type-length
: Specifies the minimum number of characters that are from each character
type in the password. The value range for the
type-length
argument is 1 to 63.
Usage guidelines
The settings in system view have global significance and apply to all user groups. The settings in
user group view apply to all local users in the user group. The settings in local user view apply only to
the local user.
A password composition policy with a smaller application range has a higher priority. The system
prefers to use the password composition policy in local user view for a local user. If no policy is
configured for the local user, the system uses the policy for the user group to which the local user
belongs. If no policy is configured for the user group, the system uses the global policy.
Examples
# Specify that all passwords must contain at least three types of characters and each type must
contain at least five characters.
<Sysname> system-view
[Sysname] password-control composition type-number 3 type-length 5
# Specify that the passwords of user group
test
must contain at least three types of characters and
each type must contain at least five characters.
[Sysname] user-group test
[Sysname-ugroup-test] password-control composition type-number 3 type-length 5
[Sysname-ugroup-test] quit
# Specify that the passwords of local user
abc
must contain at least three types of characters and
each type must contain at least five characters.
[Sysname] local-user abc
[Sysname-luser-abc] password-control composition type-number 3 type-length 5
Related commands
•
display
password-control
•
local-user
•
user-group