Skip to main content
ONTAP commands
A newer release of this product is available.

security login role config show

Suggest changes
PDFs

Show local user account restrictions

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login role config show command displays the following information about account restrictions for management-utility user accounts:

  • Role name -role

  • Minimum size of the password, in characters -passwd-minlength

  • Whether the password requires alphanumeric characters -passwd-alphanum

  • Number of previous passwords that cannot be reused -disallowed-reuse

  • Minimum number of days that must elapse before users can change their passwords -change-delay

You can display detailed information about the restrictions on a specific account by specifying the -role parameter. This adds the following information:

  • Minimum length of the user name, in characters -username-minlength

  • Whether the user name requires alphanumeric characters -username-alphanum

  • Minimum length of the password, in characters -passwd-minlength

  • Whether the password requires alphanumeric characters -passwd-alphanum

  • Minimum number of special characters required in password -passwd-min-special-chars

  • Minimum number of lowercase characters required in password -passwd-min-lowercase-chars

  • Minimum number of uppercase characters required in password -passwd-min-uppercase-chars

  • Minimum number of digits required in password -passwd-min-digits

  • Minimum number of days that must elapse before users can change their passwords -change-delay

  • Whether the password must be changed at the initial login -require-initial-passwd-update

  • Password-expiration time, in days -passwd-expiry-time

  • Display warning message days prior to password expiry -passwd-expiry-warn-time

  • Number of previous passwords that cannot be reused -disallowed-reuse

  • Maximum number of failed login attempts permitted before the account is locked out -max-failed-login-attempts

  • Number of days for which the user account is locked after the maximum number of failed login attempts is reached -lockout-duration

  • Account-expiration time, in days -account-expiry-time

  • Maximum duration of inactivity before account expiration, in days -account-inactive-limit

  • Delay after each failed login attempt, in secs -delay-after-failed-login

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver

Selects the profile configurations that match this parameter value

[-role <text>] - Role Name

If this parameter is specified, the command displays detailed information about restrictions for the specified user account.

[-username-minlength <integer>] - Minimum Username Length Required

Selects the profile configurations that match this parameter value.

[-username-alphanum {enabled|disabled}] - Username Alpha-Numeric

Selects the profile configurations that match this parameter value. Enabled means a user name must contain both letters and numbers.

[-passwd-minlength <integer>] - Minimum Password Length Required

Selects the profile configurations that match this parameter value.

[-passwd-alphanum {enabled|disabled}] - Password Alpha-Numeric

Selects the profile configurations that match this parameter value. Enabled means a password must contain both letters and numbers.

[-passwd-min-special-chars <integer>] - Minimum Number of Special Characters Required in the Password

Selects the profile configurations that match this parameter value.

[-passwd-expiry-time <unsigned32_or_unlimited>] - Password Expires In (Days)

Selects the profile configurations that match this parameter value.

[-require-initial-passwd-update {enabled|disabled}] - Require Initial Password Update on First Login

Selects the profile configurations that match this parameter value.

[-max-failed-login-attempts <integer>] - Maximum Number of Failed Attempts

Selects the profile configurations that match this parameter value.

[-lockout-duration <integer>] - Maximum Lockout Period (Days)

Selects the profile configurations that match this parameter value.

[-disallowed-reuse <integer>] - Disallow Last 'N' Passwords

Selects the profile configurations that match this parameter value.

[-change-delay <integer>] - Delay Between Password Changes (Days)

Selects the profile configurations that match this parameter value.

[-delay-after-failed-login <integer>] - Delay after Each Failed Login Attempt (Secs)

Selects the profile configurations that match this parameter value.

[-passwd-min-lowercase-chars <integer>] - Minimum Number of Lowercase Alphabetic Characters Required in the Password

Selects the profile configurations that match this parameter value.

[-passwd-min-uppercase-chars <integer>] - Minimum Number of Uppercase Alphabetic Characters Required in the Password

Selects the profile configurations that match this parameter value.

[-passwd-min-digits <integer>] - Minimum Number of Digits Required in the Password

Selects the profile configurations that match this parameter value.

[-passwd-expiry-warn-time <unsigned32_or_unlimited>] - Display Warning Message Days Prior to Password Expiry (Days)

Selects the profile configurations that match this parameter value.

[-account-expiry-time <unsigned32_or_unlimited>] - Account Expires in (Days)

Selects the profile configurations that match this parameter value.

[-account-inactive-limit <unsigned32_or_unlimited>] - Maximum Duration of Inactivity before Account Expiration (Days)

Selects the profile configurations that match this parameter value.

Examples

The example below displays restriction information about all user accounts:

cluster1::> security login role config show
                          ----- Password Restrictions -----
Vserver     RoleName      Size AlphaNum NoReuse ChangeDelay
----------- ------------- ---- -------- ------- -----------
vs          vsadmin          8  enabled       6      0 days
vs          vsadmin-protocol 8  enabled       6      0 days
vs          vsadmin-readonly 8  enabled       6      0 days
vs          vsadmin-volume   8  enabled       6      0 days
cluster1    admin            6  enabled       6      0 days
cluster1    readonly         6  enabled       6      0 days