Security Command Reference
108 7705 SAR OS System Management Guide
method-3 — the third password authentication method to attempt
Values radius, tacplus, local
Default local
radius — RADIUS authentication
tacplus — TACACS+ authentication
local — password authentication based on the local password database
exit-on-reject — when enabled, and if one of the AAA methods configured in the authentication
order sends a reject, then the next method in the order will not be tried. If the exit-on-reject
keyword is not specified and one AAA method sends a reject, the next AAA method will be
attempted. If in this process all the AAA methods are exhausted, it will be considered a reject.
Note that a rejection is distinct from an unreachable authentication server. When the
exit-on-reject keyword is specified, authorization and accounting will only use the method
that provided an affirmation authentication; only if that method is no longer readable or is
removed from the configuration will other configured methods be attempted. If the local
keyword is the first authentication and:
• exit-on-reject is configured and the user does not exist, the user will not be
authenticated
• the user is authenticated locally, then other methods, if configured, will be used for
authorization and accounting
• the user is configured locally but without console access, login will be denied
complexity
Syntax [no] complexity [numeric] [special-character] [mixed-case]
Context config>system>security>password
Description This command configures the complexity requirements of locally administered passwords,
HMAC-MD5-96, HMAC-SHA-96, and des-keys configured in the
config>system>security>user user-name >snmp>authentication context.
If more than one complexity command is entered, each command overwrites the previous command.
The no form of the command cancels all requirements. To remove a single requirement, enter the no
form of the command followed by the requirement that needs to be removed (for example, no
complexity numeric).
Default no complexity requirements are configured
Parameters mixed-case — specifies that at least one uppercase and one lowercase character must be present
in the password. This keyword can be used in conjunction with the numeric and
special-character parameters. However, if this command is used with the authentication
none command, the complexity command is rejected.
To Next Page
Loading...
