password-control composition
Use password-control composition to configure the password composition policy.
Use undo password-control composition to restore the default.
Syntax
password-control composition type-number type-number [ type-length type-length ]
undo password-control composition
Default
In non-FIPS mode:
The password using the global composition policy must contain a minimum of one character type and a minimum of one character for each type.
In FIPS mode:
The password using the global composition policy must contain a minimum of four character types and a minimum of one character for each type.
In both non-FIPS and FIPS modes:
The password composition policy for a user group is the same as the global policy. The password composition policy for a local user is the same as that of the user group to which the local user belongs.
Views
System view
User group view
Local user view
Predefined user roles
network-admin
mdc-admin
Parameters
type-number type-number: Specifies the minimum number of character types that a password must contain. The value range for the type-number argument is 1 to 4 in non-FIPS mode and fixed at 4 in FIPS mode.
type-length type-length: Specifies the minimum number of characters that are from each type in the password. The value range for the type-length argument is 1 to 63 in non-FIPS mode, and 1 to 15 in FIPS mode.
Usage guidelines
The password composition policy depends on the view:
The policy in system view has global significance and applies to all user groups.
The policy in user group view applies to all local users in the user group.
The policy in local user view applies only to the local user.
A password composition policy with a smaller application scope has higher priority. The system prefers to use the password composition policy in local user view for a local user.
If no policy is configured for the local user, the system uses the policy for the user group to which the local user belongs.
If no policy is configured for the user group, the system uses the global policy.
The product of the minimum number of character types and minimum number of characters for each type must be smaller than the maximum length of passwords.
Examples
# Specify that all passwords must each contain a minimum of four character types and a minimum of five characters for each type.
<Sysname> system-view [Sysname] password-control composition type-number 4 type-length 5
# Specify that passwords in user group test must contain a minimum of four character types and a minimum of five characters for each type.
[Sysname] user-group test [Sysname-ugroup-test] password-control composition type-number 4 type-length 5 [Sysname-ugroup-test] quit
# Specify that the password of device management user abc must contain a minimum of four character types and a minimum of five characters for each type.
[Sysname] local-user abc class manage [Sysname-luser-manage-abc] password-control composition type-number 4 type-length 5
Related commands
display local-user
display password-control
display user-group
password-control composition enable