F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100
Related commands
display password-control
password-control login-attempt
Use password-control login-attempt to specify the maximum number of consecutive failed login attempts
and the action to be taken when a user fails to log in after the specified number of attempts.
Use undo password-control login-attempt to restore the default.
Syntax
password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
undo password-control login-attempt
Default
The maximum number of consecutive failed login attempts is 3 and a user failing to log in after the
specified number of attempts must wait for 1 minute before trying again.
Views
System view
Default command level
2: System level
Parameters
login-times: Maximum number of consecutive failed login attempts, in the range of 2 to 10.
exceed: Specifies the action to be taken when a user fails to log in after the specified number of attempts.
lock: Permanently prohibits a user who fails to log in after the specified number of attempts from logging
in.
lock-time time: Forces a user who fails to log in after the specified number of attempts to wait for a period
of time before trying again. The time argument is in minutes and in the range of 1 to 360.
unlock: Allows a user who fails to log in after the specified number of attempts to continue trying to log
in.
Usage guidelines
If prohibited permanently, a user can log in only after you remove the user from the password control
blacklist.
If prohibited temporarily, a user can log in again after the lock time elapses or an administrator removes
the user from the password control blacklist.
If not prohibited from logging in, a user is removed from the password control blacklist when the user logs
in successfully or after the blacklist aging time (1 minute) elapses.
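The following Python check is an added example, not part of the HP reference: it reads saved configuration text, validates each password-control login-attempt line against the syntax and ranges above, and reports the effective policy. The function name audit is hypothetical, the sample lines are constructed, and it assumes the last command in the file wins.

```python
import re

# Syntax on this page:
#   password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
#   undo password-control login-attempt
CMD = re.compile(
    r"^\s*(undo\s+)?password-control\s+login-attempt"
    r"(?:\s+(\d+)(?:\s+exceed\s+(lock-time\s+(\d+)|lock|unlock))?)?\s*$"
)
# Default stated on this page: 3 attempts, then a 1-minute wait.
DEFAULT = {"login_times": 3, "action": "lock-time", "minutes": 1}


def audit(config_text):
    """Return (effective_policy, findings). Assumption: the last command wins."""
    policy, findings = dict(DEFAULT), []
    for n, line in enumerate(config_text.splitlines(), 1):
        if "password-control login-attempt" not in line:
            continue
        m = CMD.match(line)
        if not m or bool(m.group(1)) == bool(m.group(2)):
            # undo takes no arguments; the plain form requires login-times
            findings.append(f"line {n}: does not match the documented syntax")
            continue
        undo, times, action, minutes = m.groups()
        if undo:
            policy = dict(DEFAULT)
            continue
        # Documented ranges: login-times 2 to 10, lock-time 1 to 360 minutes.
        if not 2 <= int(times) <= 10 or (minutes and not 1 <= int(minutes) <= 360):
            findings.append(f"line {n}: argument outside the documented range")
            continue
        policy = {
            "login_times": int(times),
            # None: no exceed clause; this page does not state the resulting action
            "action": action.split()[0] if action else None,
            "minutes": int(minutes) if minutes else None,
        }
    if policy["action"] == "unlock":
        findings.append("effective action is unlock: failed logins are never blocked")
    return policy, findings


# Constructed sample configuration lines (not captured from a device).
SAMPLE = """\
password-control login-attempt 12 exceed lock
password-control login-attempt 4 exceed lock-time 500
password-control login-attempt 4 exceed unlock
"""
```

Calling audit(SAMPLE) rejects the first two lines as out of range and reports the third as the effective policy, with a finding for the unlock action.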
Examples
# Set the maximum number of login attempts to 4 and permanently prohibit a user failing to log in after
four attempts from logging in.
<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock
Later, if a user tries to log in but fails four times, you can find the user in the password control blacklist, with the
status changed from unlock to lock: