password-control complexity
Use password-control complexity to configure the password complexity checking policy.
Use undo password-control complexity to remove a password complexity checking item.
Syntax
password-control complexity { same-character | user-name } check
undo password-control complexity { same-character | user-name } check
Default
The global password complexity checking policy is that both username checking and repeated character checking are disabled. The password complexity checking policy for a user group equals the global setting. The password complexity checking policy for a local user equals that of the user group to which the local user belongs.
Views
System view
User group view
Local user view
Predefined user roles
network-admin
mdc-admin
Parameters
same-character: Refuses a password that contains a minimum of three consecutive identical characters. For example, the password aaabc is not complex enough.
user-name: Refuses a password that contains the username or the reverse of the username. For example, if the username is 123, a password such as abc123 or 321df is not complex enough.
Usage guidelines
The password complexity checking policy depends on the view:
The policy in system view has global significance and applies to all user groups.
The policy in user group view applies to all local users in the user group.
The policy in local user view applies only to the local user.
A password complexity checking policy with a smaller application scope has higher priority. The system prefers to use the password complexity checking policy in local user view for a local user.
If no policy is configured for the local user, the system uses the policy for the user group to which the local user belongs.
If no policy is configured for the user group, the system uses the global policy.
You can enable both username checking and repeated character checking.
Examples
# Configure the password complexity checking policy, refusing any password that contains the username or the reverse of the username.
<Sysname> system-view [Sysname] password-control complexity user-name check
Related commands
display local-user
display password-control
display user-group