H3C MSR Series Command Reference Manual page 443
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
Whether a blacklisted user and user account are locked depends on the locking setting:
•
If a user account is permanently locked for a user, the user cannot use this account unless this
account is removed from the password control blacklist. To remove the user account, use the
reset password-control blacklist command.
•
To use a temporarily locked user account, the user can perform either of the following tasks:
Wait until the locking timer expires.
Remove the user account from the password control blacklist.
•
If the user account and the user are blacklisted but not locked, the user can continue using this
account to log in. The account and the user's IP address are removed from the password
control blacklist when the user uses the account to successfully log in to the device.
NOTE:
This account is locked only for this user. Other users can still use this account, and the blacklisted
user can use other user accounts.
The password-control login-attempt command takes effect immediately after being executed, and
can affect the users already in the password control blacklist.
Examples
# Allow a maximum of four consecutive login failures on a user account, and disable the user
account if the limit is reached.
<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock
# Use the user account test to log in to the device, and enter incorrect password for four times.
# Display the password control blacklist. The output shows that the user account is on the blacklist,
and its status is lock.
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1
Blacklist items matched: 1.
# Verify that the user at 192.168.44.1 cannot use this user account to log in.
# Allow a maximum of two consecutive login failures on a user account, and disable the account for
3 minutes if the limit is reached.
<Sysname> system-view
[Sysname] password-control login-attempt 2 exceed lock-time 3
# Use the user account test to log in to the device, and enter incorrect password for two attempts.
# Display the password control blacklist. The output shows that the user account is on the blacklist
and its status is lock.
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1
Blacklist items matched: 1.
# Verify that after 3 minutes, the user account is removed from the password control blacklist and the
user at 192.168.44.1 can use this account.
Login failures: 4
Login failures: 2
420
Lock flag: lock
Lock flag: lock
Advertisement
Table of Contents
