User Login Control; Password Not Displayed In Any Form; Logging - HP MSR2000 Configuration Manual
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
the history records by at least four characters and the four characters must be different from one another.
Otherwise, the system will display an error message, and the password will not be changed.
You can set the maximum number of history password records for the system to maintain for each user.
When the number of history password records exceeds your setting, the most recent record overwrites
the earliest one.
Current login passwords of device management users are not stored in the password history, because a
device management user password is saved in cipher text and cannot be recovered to a plaintext
password.
User login control
First login
With the global password control function enabled, users must change the password at first login before
they can access the system. In this situation, password changes are not subject to the minimum change
interval.
Login attempt limit
Limiting the number of consecutive failed login attempts can effectively prevent password guessing.
If an FTP or VTY user fails authentication, the system adds the user to a password control blacklist. The
system will not add nonexistent users (users not configured on the device) or users logging in to the device
through console or AUX ports to the password control blacklist.
If a user fails to provide the correct password after the specified number of consecutive attempts, the
system takes one of the following actions:
Blocks the user's login attempts until the user is manually removed from the password control
•
blacklist.
Allows the user to continue trying, and removes the user from the password control blacklist when
•
the user logs in to the system successfully.
Blocks the user's login attempts within a configurable period of time, and allows the user to log in
•
again after the period of time elapses or the user is removed from the password control blacklist.
Maximum account idle time
You can set the maximum account idle time to make accounts idle for this period of time become invalid
and unable to log in again. For example, if you set the maximum account idle time to 60 days and the
user with the account test has never logged in successfully within 60 days after the last successful login,
the account becomes invalid.
Password not displayed in any form
For security purposes, nothing is displayed when a user enters a password.
Logging
The system logs all successful password changing events and user adding events to the password control
blacklist.
80
Advertisement
Table of Contents
Troubleshooting
