password-control complexity

Use password-control complexity to configure the password complexity checking policy.

Use undo password-control complexity to remove a password complexity checking item.

Syntax

password-control complexity { same-character | user-name } check

undo password-control complexity { same-character | user-name } check

Default

The global password complexity checking policy is that both username checking and repeated character checking are disabled. The password complexity checking policy for a user group equals the global setting. The password complexity checking policy for a local user equals that of the user group to which the local user belongs.

Views

System view

User group view

Local user view

Predefined user roles

network-admin

mdc-admin

Parameters

same-character: Refuses a password that contains a minimum of three consecutive identical characters. For example, the password aaabc is not complex enough.

user-name: Refuses a password that contains the username or the reverse of the username. For example, if the username is 123, a password such as abc123 or 321df is not complex enough.

Usage guidelines

The password complexity checking policy depends on the view:

A password complexity checking policy with a smaller application scope has higher priority. The system prefers to use the password complexity checking policy in local user view for a local user.

You can enable both username checking and repeated character checking.

Examples

# Configure the password complexity checking policy, refusing any password that contains the username or the reverse of the username.

<Sysname> system-view
[Sysname] password-control complexity user-name check

Related commands

display local-user

display password-control

display user-group