If an FTP or VTY user fails to log in after making the maximum login attempts, the system adds the user
account and the user's IP address to the password control blacklist. The user account is locked only for
this user: other users can still use this user account, and the blacklisted user can use other user accounts.
Whether a blacklisted user and user account are locked depends on the locking setting:
• If a user account is permanently locked for a user, the user cannot use this account unless this user
account is removed from the password control blacklist. To remove a user account, use the reset
password-control blacklist command.
• To use a temporarily locked user account, the user can do either of the following operations:
  ○ Wait until the locking timer expires.
  ○ Remove the user account from the password control blacklist.
• If the user account and the user are blacklisted but not locked, the user can continue using this
account to log in. The account and the user's IP address are removed from the password control
blacklist when the user uses the account to successfully log in to the device.
The password-control login-attempt command takes effect immediately after being executed, and can
affect the users already in the password control blacklist.
Examples
# Allow a maximum of four consecutive login failures on a user account, and disable the user account if
the limit is reached.
<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock
# Use the user account test to log in to the device, and enter an incorrect password four times.
# Display the password control blacklist. The output shows that the user account is on the blacklist, and
its status is lock.
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failures: 4 Lock flag: lock
Blacklist items matched: 1.
# Verify that the user at 192.168.44.1 cannot use this user account to log in.
# Allow a maximum of two consecutive login failures on a user account, and disable the user account for
3 minutes if the limit is reached.
<Sysname> system-view
[Sysname] password-control login-attempt 2 exceed lock-time 3
# Use the user account test to log in to the device, and enter an incorrect password two times.
# Display the password control blacklist. The output shows that the user account is on the blacklist and
its status is lock.
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failures: 2 Lock flag: lock
Blacklist items matched: 1.