Configuring the user account format, User login control, Password not displayed in any form – H3C Technologies H3C S12500-X Series Switches User Manual
Page 121
109
450B
Password history
With this feature enabled, the system stores passwords that a user has used. When a user changes the
password, the system checks the new password against the current password and those stored in the
password history records. The new password must be different from the current one and those stored in
the history records by at least four characters.The four characters must be different from one another.
Otherwise, the system will display an error message, and the password will not be changed.
You can set the maximum number of history password records for the system to maintain for each user.
When the number of history password records exceeds your setting, the most recent record overwrites
the earliest one.
Current login passwords of device management users are not stored in the password history, because a
device management user password is saved in cipher text and cannot be recovered to a plaintext
password.
216B
User login control
451B
First login
With the global password control function enabled, users must change the password at first login before
they can access the system. In this situation, password changes are not subject to the minimum change
interval.
452B
Login attempt limit
Limiting the number of consecutive failed login attempts can effectively prevent password guessing.
If an FTP or VTY user fails authentication, the system adds the user to a password control blacklist. The
system will not add nonexistent users (users not configured on the device), or users logging in to the
device through console ports to the password control blacklist.
If a user fails to provide the correct password after the specified number of consecutive attempts, the
system takes one of the following actions:
•
Blocks the user's login attempts until the user is manually removed from the password control
blacklist.
•
Allows the user to continue trying, and removes the user from the password control blacklist when
the user logs in to the system successfully.
•
Blocks the user's login attempts within a configurable period of time, and allows the user to log in
again after the period of time elapses or the user is removed from the password control blacklist.
453B
Maximum account idle time
You can set the maximum account idle time to make accounts idle for this period of time become invalid
and unable to log in again. For example, if you set the maximum account idle time to 60 days and the
user with the account test has never logged in successfully within 60 days after the last successful login,
the account becomes invalid.
217B
Password not displayed in any form
For security purposes, nothing is displayed when a user enters a password.