A device functioning as an AAA server is called a local AAA server, which performs user authentication and authorization, but not user accounting.
Similar to the remote AAA server, the local AAA server requires a local user database, holding information about local users, such as usernames, passwords, and permissions. A local AAA server performs authentication and authorization faster than a remote AAA server, which reduces operation costs. However, the storage capacity of a local AAA server is limited by the available space on the device hardware.
The password policy of local users is vital to user security. The security policy function for local user accounts is enabled by default. The device also supports a password complexity check, password change policies for local administrators, and password validity period restrictions to improve local user security.
Restrictions on the username and password
The username must contain at least six characters.
The password must meet the following requirements:
The password must contain at least eight characters.
The password must contain digits, uppercase letters, lowercase letters, and special characters excluding spaces and question marks. Spaces are allowed in the password if the password is enclosed in quotation marks.
The password cannot repeat or reverse the username.
A new password cannot be the same as the last 10 passwords including the current password.
After the password complexity check function is enabled, the password must contain the following four types of characters: lowercase letters, uppercase letters, digits, and special characters. In addition, the password cannot be the same as the last 10 passwords including the current password.
In addition, the username length, the password length, and the number of previous passwords that cannot be reused as new passwords can be configured as needed. The device restricts the username and password of a local user based on the strictest username and password configuration rules.
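The restrictions above, written out as a validator with the default values (6, 8, and 10). This is an added example, not the device's own code: the function names, the error labels, and the salted PBKDF2 history store are assumptions. So are the exact, case-sensitive username comparison and the outright rejection of question marks.

```python
import hashlib
import hmac
import os
import string

MIN_USER_LEN, MIN_PASS_LEN, HISTORY_DEPTH = 6, 8, 10   # defaults stated on the page
SPECIALS = set(string.punctuation) - {"?"}             # '?' does not count as special

def make_record(password, salt=None):
    """Return (salt, digest) so history is never kept in cleartext (assumed design)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def in_history(password, history):
    """history: sequence of (salt, digest), newest last, current password included."""
    return any(hmac.compare_digest(make_record(password, s)[1], d)
               for s, d in history[-HISTORY_DEPTH:])

def check_credentials(username, password, history=(), quoted=False):
    """Return the list of violated rules; an empty list means the pair is accepted."""
    errors = []
    if len(username) < MIN_USER_LEN:
        errors.append("username-too-short")
    if len(password) < MIN_PASS_LEN:
        errors.append("password-too-short")
    # Spaces are accepted only when the password was entered in quotation marks.
    if "?" in password or (" " in password and not quoted):
        errors.append("forbidden-character")
    classes = (str.isdigit, str.isupper, str.islower, SPECIALS.__contains__)
    if not all(any(test(c) for c in password) for test in classes):
        errors.append("missing-character-class")
    if password in (username, username[::-1]):   # assumption: exact match only
        errors.append("repeats-or-reverses-username")
    if in_history(password, history):
        errors.append("reused-password")
    return errors
```

Every violated rule is returned rather than only the first, so a rejected password can be corrected in one attempt.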
Password change policy
The local administrator can change the password of an equal- or lower-level local user. After an administrator adds a local user or resets the password of a local user, the local user must change the password upon the first login.
Password validity period