password-control login-attempt

Syntax

password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]

undo password-control login-attempt

View

System view

Default level

2: System level

Parameters

login-times: Specifies the maximum number of consecutive failed login attempts, in the range of 2 to 10.

exceed: Specifies the action to be taken when a user fails to log in after the specified number of attempts.

lock: Permanently prohibits a user who fails to log in after the specified number of attempts from logging in.

lock-time time: Forces a user who fails to log in after the specified number of attempts to wait for a period of time before trying again. The time argument is in minutes and in the range of 1 to 360.

unlock: Allows a user who fails to log in after the specified number of attempts to continue trying to log in.

Description

Use password-control login-attempt to specify the maximum number of consecutive failed login attempts and the action to be taken when a user fails to log in after the specified number of attempts.

Use undo password-control login-attempt to restore the default.

By default, the maximum number of consecutive failed login attempts is three and a user failing to log in after the specified number of attempts must wait for one minute before trying again.

If prohibited permanently, a user can log in only after you remove the user from the blacklist.

If prohibited temporarily, a user can log in again after the lock time elapses or an administrator removes the user from the blacklist.

If login is not prohibited (the unlock action), a user is removed from the blacklist when the user logs in successfully or after the blacklist aging time (one minute) elapses.

Related commands: display password-control, display password-control blacklist, and reset password-control blacklist.

Examples

# Set the maximum number of login attempts to four and permanently prohibit a user failing to log in after four attempts from logging in.

<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock

Later, if a user tries to log in but fails four times, you can find the user in the blacklist, with its status changed from unlock to lock:

[Sysname] display password-control blacklist
Username: test
   IP: 192.168.44.1        Login failed times: 4      Lock flag: lock

Total 1 blacklist item(s) matched.

The user can no longer log in.

# Set the maximum number of login attempts to two and prohibit a user who fails to log in after two attempts from logging in for three minutes.

<Sysname> system-view
[Sysname] password-control login-attempt 2 exceed lock-time 3

Later, if a user tries to log in but fails two times, you can find the user in the blacklist, with its status changed from unlock to lock:

[Sysname] display password-control blacklist
Username: test
   IP: 192.168.44.1        Login failed times: 2      Lock flag: lock

Total 1 blacklist item(s) matched.

After three minutes, the user is removed from the blacklist and can log in again.
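
The following Python sketch is an added example, not part of the original command reference or vendor tooling. It reads saved configuration text and reports the login-attempt policy in force, using the defaults and value ranges stated above. The names effective_policy and review are hypothetical, the sample configuration is constructed, and two behaviours are assumptions: a later command overrides an earlier one, and a command without the exceed keyword leaves the action unchanged.

```python
import re

# Defaults and ranges as stated in this command reference.
DEFAULT = {"login_times": 3, "action": "lock-time", "lock_minutes": 1}
CMD = re.compile(
    r"^password-control login-attempt (\d+)"
    r"(?: exceed (lock|unlock|lock-time (\d+)))?$"
)

def effective_policy(config_text):
    """Return the login-attempt policy in force after all lines are applied."""
    policy = dict(DEFAULT)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line == "undo password-control login-attempt":
            policy = dict(DEFAULT)            # undo restores the default
            continue
        m = CMD.match(line)
        if not m:
            continue                          # unrelated configuration line
        times = int(m.group(1))
        if not 2 <= times <= 10:
            raise ValueError(f"login-times out of range 2-10: {times}")
        policy["login_times"] = times
        if m.group(2) is None:
            continue  # assumption: no 'exceed' keyword leaves the action unchanged
        if m.group(3) is not None:
            minutes = int(m.group(3))
            if not 1 <= minutes <= 360:
                raise ValueError(f"lock-time out of range 1-360: {minutes}")
            policy.update(action="lock-time", lock_minutes=minutes)
        else:
            policy.update(action=m.group(2), lock_minutes=None)
    return policy

def review(policy):
    """Describe what a user experiences after exceeding login_times failures."""
    if policy["action"] == "unlock":
        return "no lockout: user may keep trying after the limit"
    if policy["action"] == "lock":
        return "locked until an administrator removes the blacklist entry"
    return f"locked for {policy['lock_minutes']} minute(s), then may retry"

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
password-control login-attempt 4 exceed lock
undo password-control login-attempt
 password-control login-attempt 2 exceed lock-time 3
"""
```

Calling review(effective_policy(SAMPLE)) reports a three-minute lock, matching the second example above.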