System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 119
method-3 — the third password authentication method to attempt
Values radius, tacplus, local
Default local
radius — RADIUS authentication
tacplus — TACACS+ authentication
local — password authentication based on the local password database
exit-on-reject — when enabled, and if one of the AAA methods configured in the
authentication order sends a reject, then the next method in the order will not be tried.
If the exit-on-reject keyword is not specified and one AAA method sends a reject,
the next AAA method will be attempted. If in this process all the AAA methods are
exhausted, it will be considered a reject.
A rejection is distinct from an unreachable authentication server. When the
exit-on-reject keyword is specified, authorization and accounting will only use the
method that provided an affirmative authentication; only if that method is no longer
reachable or is removed from the configuration will other configured methods be
attempted. If the local keyword is the first authentication method and:
• exit-on-reject is configured and the user does not exist, the user will not be
authenticated
• the user is authenticated locally, then other methods, if configured, will be used
for authorization and accounting
• the user is configured locally but without console access, login will be denied
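The fall-through behavior described above, modeled as an added Python example (not Nokia code). The function name, result labels and sample responses are constructed for illustration, and the model assumes an unreachable server always falls through to the next method.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # the method answered and said no
    UNREACHABLE = "unreachable"  # the server did not answer; not a reject

def authenticate(order, responses, exit_on_reject):
    """Walk the configured authentication order for one login attempt.

    order          -- method names in configured order, e.g. ["radius", "tacplus", "local"]
    responses      -- constructed map of method name -> Result
    exit_on_reject -- True when the exit-on-reject keyword is configured
    Returns (authenticated, accepting_method, methods_tried).
    """
    tried = []
    for method in order:
        tried.append(method)
        result = responses[method]
        if result is Result.ACCEPT:
            # With exit-on-reject, authorization and accounting stay on this method.
            return True, method, tried
        if result is Result.REJECT and exit_on_reject:
            # A reject is final: later methods are never consulted.
            return False, None, tried
        # REJECT without exit-on-reject, or UNREACHABLE: try the next method.
    # Every method exhausted without an accept counts as a reject.
    return False, None, tried

if __name__ == "__main__":
    order = ["radius", "tacplus", "local"]
    # Constructed sample: RADIUS rejects the user, the other methods would accept.
    sample = {"radius": Result.REJECT, "tacplus": Result.ACCEPT, "local": Result.ACCEPT}
    for flag in (False, True):
        print(f"exit-on-reject={flag}:", authenticate(order, sample, flag))
```

Without exit-on-reject, an account rejected by the first method can still log in through a later method that accepts it, which is the case the keyword closes.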
complexity-rules
Syntax complexity-rules
Context config>system>security>password
Description This command enables the context to configure security password complexity rules.
allow-user-name
Syntax [no] allow-user-name
Context config>system>security>password>complexity-rules
Description This command allows a login name to be included as part of the password.
The no form of this command prevents a login name from being included as part of the
password.