The default rules for user names and passwords apply to users of all access-control roles. You can modify the rule settings of user names and passwords for a specific role to enhance user account security.
Following are the default rules for user names:
- A user name must be at least three characters long.
- A user name can contain letters, numbers, special characters, or a combination of them.
  For a local user name (that is, a user name that is configured with the password authentication method), the following additional rules about special characters apply:
  - Only the following characters are supported: _ . -
  - The user name cannot begin with a hyphen (-).
- A user name that is configured with the password authentication method cannot be longer than 16 characters.
- A user name that is configured with the snmp application type cannot be longer than 32 characters.
Following are the default rules for passwords:
- A password cannot contain the user name.
- A password must be at least eight characters long.
- A password must contain at least one letter and one number.
- A password cannot be the same as the last six passwords.
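
The default rules above, written as a pre-check that a provisioning script could run before it creates an account. This is an added example, not code from the product or its documentation: the function names, the ASCII-only reading of "letters", the case-insensitive user name match, and the salted PBKDF2 history format are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: "letters" means ASCII letters; special characters are _ . - only.
LOCAL_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")
HISTORY_DEPTH = 6  # a password cannot be the same as the last six


def check_username(name, local=True, snmp=False, min_length=3):
    """Return the default-rule violations for a user name (empty list = valid)."""
    problems = []
    if len(name) < min_length:
        problems.append("too short")
    if local:  # configured with the password authentication method
        if not LOCAL_NAME_RE.fullmatch(name):
            problems.append("unsupported character")
        if name.startswith("-"):
            problems.append("begins with hyphen")
        if len(name) > 16:
            problems.append("longer than 16")
    if snmp and len(name) > 32:  # configured with the snmp application type
        problems.append("longer than 32")
    return problems


def hash_password(password, salt):
    # Constructed history format for this example: PBKDF2-HMAC-SHA256 digests.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, username, history=()):
    """Return violations; history is a list of (salt, digest) pairs, newest last."""
    problems = []
    # Assumption: the user name match ignores case.
    if username and username.lower() in password.lower():
        problems.append("contains user name")
    if len(password) < 8:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs a letter and a number")
    # Only the six most recent entries count; compare digests in constant time.
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reused password")
            break
    return problems
```

If a role's settings have been changed with security login role config modify, pass the role's values (for example `min_length`) instead of the defaults.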
To enhance user account security, you can use parameters of the security login role config modify command to modify the following settings of an access-control role:
- Rule settings for user names:
  - The required minimum length of a user name (-username-minlength)
  - Whether a mix of alphabetic and numeric characters is required in a user name
- Rule settings for passwords:
- Rule settings about invalid login attempts:
  - The number of invalid login attempts that triggers the account to be locked automatically (-max-failed-login-attempts)
    When the number of a user's invalid login attempts reaches the value specified by this parameter, the user's account is locked automatically.
    The security login unlock command unlocks a user account.
  - The number of days for which an account is locked if invalid login attempts reach the allowed maximum (-lockout-duration)
You can display the current settings for the rules by using the security login role config show command. For information about the security login role config commands and the default settings, see the man pages.