HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 116
Login with an expired password, Password history, User login control, First login, Login attempt limit

Login with an expired password

You can allow a user to log in a certain number of times within a specific period of time after the password expires. For example, if you set the maximum number of logins with an expired password to 3 and the time period to 15 days, a user can log in three times within 15 days after the password expires.

Password history

With this feature enabled, the system stores passwords that a user has used. When a user changes the password, the system checks the new password against the current password and those stored in the password history records. The new password must be different from the current one and those stored in the history records by at least four characters, and the four characters must be different from one another. Otherwise, the system displays an error message, and the password is not changed.

You can set the maximum number of history password records for the system to maintain for each user. When the number of history password records exceeds your setting, the most recent record overwrites the earliest one.

Current login passwords of device management users are not stored in the password history, because a device management user password is saved in cipher text and cannot be recovered to a plaintext password.

User login control

First login

With the global password control function enabled, users must change the password at first login before they can access the system. In this situation, password changes are not subject to the minimum change interval.

Login attempt limit

Limiting the number of consecutive failed login attempts can effectively prevent password guessing.

If an FTP or VTY user fails authentication, the system adds the user to a password control blacklist. The system does not add nonexistent users, or users logging in to the device through console ports, to the password control blacklist.

If a user fails to provide the correct password after the specified number of consecutive attempts, the system takes one of the following actions:

• Blocks the user's login attempts until the user is manually removed from the password control blacklist.
• Allows the user to continue trying, and removes the user from the password control blacklist when the user logs in to the system successfully.
• Blocks the user's login attempts within a configurable period of time, and allows the user to log in again after the period of time elapses or the user is removed from the password control blacklist.

Maximum account idle time

You can set the maximum account idle time so that an account that stays idle for this period of time becomes invalid and can no longer log in. For example, if you set the maximum account idle time to 60 days and the user with the account test has not logged in successfully within 60 days after the last successful login, the account becomes invalid.
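
The blacklist behaviour described under "Login attempt limit" can be modelled as a small state machine. The following Python sketch is an added example, not code from the guide or from the switch software. The class name, the action labels and the sample account are constructed for illustration. It assumes that a blacklist entry is dropped once the lock period elapses and that blocking is enforced only on FTP and VTY logins.

```python
import hmac

LOCK, LOCK_TIME, UNLOCK = "lock", "lock-time", "unlock"  # labels chosen for this example
TRACKED_LINES = {"ftp", "vty"}  # console logins are never blacklisted


class PasswordControlBlacklist:
    def __init__(self, users, max_attempts, action, lock_seconds=0):
        self.users = users              # constructed sample accounts: name -> password
        self.max_attempts = max_attempts
        self.action = action
        self.lock_seconds = lock_seconds
        self.entries = {}               # name -> [consecutive failures, time the limit was hit]

    def remove(self, user):
        """Manual removal of a user from the blacklist by an administrator."""
        self.entries.pop(user, None)

    def _blocked(self, user, now):
        _failures, hit_at = self.entries.get(user, (0, None))
        if hit_at is None or self.action == UNLOCK:
            return False                # limit not reached, or the policy lets the user keep trying
        if self.action == LOCK_TIME and now - hit_at >= self.lock_seconds:
            self.remove(user)           # assumption: entry is dropped once the lock period elapses
            return False
        return True

    def login(self, user, password, line, now):
        """Return True when the login is accepted at time `now` (seconds)."""
        # Nonexistent users and console logins are never tracked.
        tracked = user in self.users and line in TRACKED_LINES
        if tracked and self._blocked(user, now):
            return False
        stored = self.users.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            self.remove(user)           # a successful login clears the entry
            return True
        if tracked:
            entry = self.entries.setdefault(user, [0, None])
            entry[0] += 1
            if entry[0] >= self.max_attempts and entry[1] is None:
                entry[1] = now          # limit reached: the configured action now applies
        return False
```

With the "lock" action, a correct password is still rejected after the limit is reached until `remove()` is called, which is the trade-off to weigh against the "lock-time" action when an attacker can deliberately lock out a known account name.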