3Com Switch 8800 Advanced Software V5 Configuration Guide

CHAPTER 74: PASSWORD CONTROL CONFIGURATION
4 Password history
With this feature enabled, the system keeps a record of the passwords that a
user has used. When a user changes the password, the system checks the new
password against the recorded ones and, if it was used before, displays an
error message.
You can set the maximum number of history password records that the system
maintains for each user. When the number of history password records exceeds
your setting, the latest record overwrites the earliest one.
5 Login attempt restriction
Limiting the number of times a wrong password can be entered effectively
prevents malicious password cracking.
Once a user fails to pass authentication, the system adds the user to a blacklist.
When a user tries but fails to log in for the allowed maximum number of successive
authentication attempts, the system may prohibit or allow the user to log in,
depending on your choice:
- Prohibiting the user from logging in to the system until the user is removed
  from the blacklist.
- Allowing the user to log in and removing the user from the blacklist when the
  user logs in to the system or the blacklist entry times out (the blacklist entry
  aging time is 20 minutes).
- Prohibiting the user from logging in for a configurable period of time. After this
  period, the user is deleted from the blacklist and can log in to the system
  again.
Note:
- A blacklist can contain up to 1,024 entries. A login attempt using a wrong
  username always fails, but the username is not added to the blacklist.
- FTP users and virtual terminal line (VTY) users are blacklisted when they fail
  authentication.
- Users accessing the system through the Console or AUX interface are never
  blacklisted. This is because the system is unable to obtain the IP addresses of
  these users, and because these users are privileged and therefore considered
  relatively secure.
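The login attempt restriction described above can be modelled as a small state machine. The following Python sketch is an added example, not code from 3Com or from the switch software. Its assumptions: entries are keyed by username and IP address, the action labels "lock", "unlock" and "lock-time" and the default values are this sketch's own, a full blacklist records nothing new, and the 20-minute aging time also applies to entries that have not yet reached the attempt limit.

```python
import hmac
from dataclasses import dataclass, field

AGING_S = 20 * 60                  # blacklist entry aging time stated in the guide
MAX_ENTRIES = 1024                 # blacklist capacity stated in the guide
EXEMPT_LINES = {"console", "aux"}  # users on these lines are never blacklisted

@dataclass
class LoginGuard:
    users: dict                    # username -> password (constructed sample data)
    max_attempts: int = 3          # assumed value; configurable on the device
    action: str = "lock-time"      # "lock" | "unlock" | "lock-time" (this sketch's labels)
    lock_s: int = 120              # assumed lock period for "lock-time", in seconds
    blacklist: dict = field(default_factory=dict)  # (user, ip) -> [failures, last failure time]

    def _expire(self, key, now):
        entry = self.blacklist.get(key)
        if entry is None:
            return
        locked = entry[0] >= self.max_attempts
        if locked and self.action == "lock":
            return                                   # stays until an administrator removes it
        ttl = self.lock_s if locked and self.action == "lock-time" else AGING_S
        if now - entry[1] >= ttl:
            del self.blacklist[key]

    def login(self, user, password, line, ip, now):
        if user not in self.users:
            return "fail"                            # wrong username: fails, never blacklisted
        key = (user, ip)
        self._expire(key, now)
        entry = self.blacklist.get(key)
        if entry and entry[0] >= self.max_attempts and self.action != "unlock":
            return "blocked"                         # prohibited before the password is checked
        if hmac.compare_digest(password.encode(), self.users[user].encode()):
            self.blacklist.pop(key, None)            # successful login clears the entry
            return "ok"
        if line in EXEMPT_LINES:
            return "fail"                            # Console/AUX failures are not recorded
        if entry is None:
            if len(self.blacklist) >= MAX_ENTRIES:
                return "fail"                        # assumption: full blacklist records nothing
            entry = self.blacklist[key] = [0, now]
        entry[0] += 1
        entry[1] = now
        return "fail"

    def unblock(self, user, ip):                     # administrator removes the entry
        self.blacklist.pop((user, ip), None)
```

Times are passed in as seconds so the aging and lock periods can be exercised without waiting; under "lock", only unblock() lets the user back in.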
6 Password composition
A password can be a combination of characters from the following four
categories:
- Uppercase letters A to Z
- Lowercase letters a to z
- Digits 0 to 9
- 32 special characters including blank space and
  ~`!@#$%^&*()_+-={}|[]:";'<>,./.