Password history, User login control, First login – H3C Technologies H3C S6300 Series Switches User Manual

Page 179: Login attempt limit, Maximum account idle time, Password not displayed in any form

Password history

With this feature enabled, the system stores passwords that a user has used. When a user changes the password, the system checks the new password against the current password and those stored in the password history records. The new password must be different from the current one and those stored in the history records by at least four characters. The four characters must be different from one another. Otherwise, the system will display an error message, and the password will not be changed.

You can set the maximum number of history password records for the system to maintain for each user. When the number of history password records exceeds your setting, the most recent record overwrites the earliest one.

Current login passwords of device management users are not stored in the password history, because a device management user password is saved in cipher text and cannot be recovered to a plaintext password.

User login control

First login

With the global password control function enabled, users must change the password at first login before they can access the system. In this situation, password changes are not subject to the minimum change interval.

Login attempt limit

Limiting the number of consecutive failed login attempts can effectively prevent password guessing.

If an FTP or VTY user fails authentication, the system adds the user to a password control blacklist. The system will not add nonexistent users (users not configured on the device), or users logging in to the device through console ports to the password control blacklist.

If a user fails to provide the correct password after the specified number of consecutive attempts, the system takes one of the following actions:

• Blocks the user's login attempts until the user is manually removed from the password control blacklist.

• Allows the user to continue trying, and removes the user from the password control blacklist when the user logs in to the system successfully.

• Blocks the user's login attempts within a configurable period of time, and allows the user to log in again after the period of time elapses or the user is removed from the password control blacklist.
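The three actions above, modelled as a small state machine. This is an added example, not H3C code or CLI syntax. The class name, the action labels, the explicit `now` clock, and the choices that a successful FTP/VTY login clears the failure record and that console logins are neither counted nor checked against the blacklist are assumptions of this sketch.

```python
from dataclasses import dataclass, field

# Labels for the three actions described on this page (names chosen for this sketch)
LOCK, UNLOCK, LOCK_TIME = "lock", "unlock", "lock-time"
FOREVER = float("inf")

@dataclass
class LoginLimiter:
    users: set                      # accounts configured on the device
    max_attempts: int = 3           # consecutive failures before the action applies
    action: str = LOCK_TIME
    lock_seconds: int = 60          # only used with LOCK_TIME
    blacklist: dict = field(default_factory=dict)  # user -> [failures, blocked_until]

    def attempt(self, user, line, password_ok, now):
        """Return True if a login on `line` is accepted at time `now` (seconds)."""
        # Nonexistent users and console logins are never blacklisted.
        tracked = user in self.users and line in ("ftp", "vty")
        entry = self.blacklist.get(user) if tracked else None
        if entry and entry[1] is not None:
            if now < entry[1]:
                return False              # blocked, even with the right password
            del self.blacklist[user]      # timed block has elapsed
        if user in self.users and password_ok:
            if tracked:
                self.blacklist.pop(user, None)  # success clears the failure record
            return True
        if tracked:
            entry = self.blacklist.setdefault(user, [0, None])
            entry[0] += 1                 # blacklisted from the first failure
            if entry[0] >= self.max_attempts:
                if self.action == LOCK:
                    entry[1] = FOREVER    # until an administrator removes it
                elif self.action == LOCK_TIME:
                    entry[1] = now + self.lock_seconds
                # UNLOCK: keep counting, never block
        return False

    def remove(self, user):
        """Administrator manually removes a user from the blacklist."""
        self.blacklist.pop(user, None)
```

With the permanent-block action, a forgotten or targeted account stays locked until someone clears it, so the timed block is the one that limits guessing without handing an attacker a lasting lockout of administrators.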

Maximum account idle time

You can set the maximum account idle time so that accounts that stay idle for this period of time become invalid and can no longer log in. For example, if you set the maximum account idle time to 60 days and the user with the account test has not logged in successfully within 60 days after the last successful login, the account becomes invalid.

Password not displayed in any form

For security purposes, nothing is displayed when a user enters a password.