Role name -role
Minimum size of the password, in characters -passwd-minlength
Whether the password requires alphanumeric characters -passwd-alphanum
Number of previous passwords that cannot be reused -disallowed-reuse
Minimum number of days that must elapse before users can change their passwords -change-delay

You can display detailed information about the restrictions on a specific account by specifying the -role parameter. This adds the following information:

Minimum length of the user name, in characters -username-minlength
Whether the user name requires alphanumeric characters -username-alphanum
Minimum length of the password, in characters -passwd-minlength
Whether the password requires alphanumeric characters -passwd-alphanum
Minimum number of special characters required in password -passwd-min-special-chars
Minimum number of lowercase characters required in password -passwd-min-lowercase-chars
Minimum number of uppercase characters required in password -passwd-min-uppercase-chars
Minimum number of digits required in password -passwd-min-digits
Minimum number of days that must elapse before users can change their passwords -change-delay
Whether the password must be changed at the initial login -require-initial-passwd-update
Password-expiration time, in days -passwd-expiry-time
Display warning message days prior to password expiry -passwd-expiry-warn-time
Number of previous passwords that cannot be reused -disallowed-reuse
Maximum number of failed login attempts permitted before the account is locked out -max-failed-login-attempts
Number of days for which the user account is locked after the maximum number of failed login attempts is reached -lockout-duration
Account-expiration time, in days -account-expiry-time
Maximum duration of inactivity before account expiration, in days -account-inactive-limit
Delay after each failed login attempt, in secs -delay-after-failed-login

Parameters

{ [-fields <fieldname>,…]: If you specify the -fields <fieldname>, … parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ] }: If you specify the -instance parameter, the command displays detailed information about all fields.
[-vserver <vserver name>] - Vserver: Selects the profile configurations that match this parameter value
[-role <text>] - Role Name: If this parameter is specified, the command displays detailed information about restrictions for the specified user account.
[-username-minlength <integer>] - Minimum Username Length Required: Selects the profile configurations that match this parameter value.
[-username-alphanum {enabled|disabled}] - Username Alpha-Numeric: Selects the profile configurations that match this parameter value. Enabled means a user name must contain both letters and numbers.
[-passwd-minlength <integer>] - Minimum Password Length Required: Selects the profile configurations that match this parameter value.
[-passwd-alphanum {enabled|disabled}] - Password Alpha-Numeric: Selects the profile configurations that match this parameter value. Enabled means a password must contain both letters and numbers.
[-passwd-min-special-chars <integer>] - Minimum Number of Special Characters Required in the Password: Selects the profile configurations that match this parameter value.
[-passwd-expiry-time <unsigned32_or_unlimited>] - Password Expires In (Days): Selects the profile configurations that match this parameter value.
[-require-initial-passwd-update {enabled|disabled}] - Require Initial Password Update on First Login: Selects the profile configurations that match this parameter value.
[-max-failed-login-attempts <integer>] - Maximum Number of Failed Attempts: Selects the profile configurations that match this parameter value.
[-lockout-duration <integer>] - Maximum Lockout Period (Days): Selects the profile configurations that match this parameter value.
[-disallowed-reuse <integer>] - Disallow Last 'N' Passwords: Selects the profile configurations that match this parameter value.
[-change-delay <integer>] - Delay Between Password Changes (Days): Selects the profile configurations that match this parameter value.
[-delay-after-failed-login <integer>] - Delay after Each Failed Login Attempt (Secs): Selects the profile configurations that match this parameter value.
[-passwd-min-lowercase-chars <integer>] - Minimum Number of Lowercase Alphabetic Characters Required in the Password: Selects the profile configurations that match this parameter value.
[-passwd-min-uppercase-chars <integer>] - Minimum Number of Uppercase Alphabetic Characters Required in the Password: Selects the profile configurations that match this parameter value.
[-passwd-min-digits <integer>] - Minimum Number of Digits Required in the Password: Selects the profile configurations that match this parameter value.
[-passwd-expiry-warn-time <unsigned32_or_unlimited>] - Display Warning Message Days Prior to Password Expiry (Days): Selects the profile configurations that match this parameter value.
[-account-expiry-time <unsigned32_or_unlimited>] - Account Expires in (Days): Selects the profile configurations that match this parameter value.
[-account-inactive-limit <unsigned32_or_unlimited>] - Maximum Duration of Inactivity before Account Expiration (Days): Selects the profile configurations that match this parameter value.

Examples

The example below displays restriction information about all user accounts:

cluster1::> security login role config show
                          ----- Password Restrictions -----
Vserver     RoleName      Size AlphaNum NoReuse ChangeDelay
----------- ------------- ---- -------- ------- -----------
vs          vsadmin          8  enabled       6      0 days
vs          vsadmin-protocol 8  enabled       6      0 days
vs          vsadmin-readonly 8  enabled       6      0 days
vs          vsadmin-volume   8  enabled       6      0 days
cluster1    admin            6  enabled       6      0 days
cluster1    readonly         6  enabled       6      0 days