24
Login with an expired password
You can allow a user to log in a certain number of times within a period of time after the password
expires. For example, if you set the maximum number of logins with an expired password to 3 and
the time period to 15 days, a user can log in three times within 15 days after the password expires.
Password history
With this feature enabled, the system stores passwords that a user has used. When a user changes
the password, the system checks the new password against the current password and those stored
in the password history records. The new password must be different from the current one and those
stored in the history records by at least four characters. The four characters must be different from
one another. Otherwise, the system will display an error message, and the password will not be
changed.
You can set the maximum number of history password records for the system to maintain for each
user. When the number of history password records exceeds your setting, the most recent record
overwrites the earliest one.
Current login passwords of device management users are not stored in the password history,
because a device management user password is saved in cipher text and cannot be recovered to a
plaintext password.
Login attempt limit
Limiting the number of consecutive login failures can effectively prevent password guessing.
Login attempt limit takes effect on FTP and VTY users. It does not take effect on the following types
of users:
•
Nonexistent users (users not configured on the device).
•
Users logging in to the device through console ports.
If a user fails to use a user account to log in after making the maximum number of consecutive
attempts, login attempt limit takes the following actions:
•
Adds the user account and the user's IP address to the password control blacklist. This account
is locked for only this user. Other users can still use this account, and the blacklisted user can
use other user accounts.
•
Limits the user and user account in any of the following ways:
{
Disables the user account until the account is manually removed from the password control
blacklist.
{
Allows the user to continue using the user account. The user's IP address and user account
are removed from the password control blacklist when the user uses this account to
successfully log in to the device.
{
Disables the user account for a period of time.
The user can use the account to log in when either of the following conditions exist:
−
The locking timer expires.
−
The account is manually removed from the password control blacklist before the locking
timer expires.
Maximum account idle time
You can set the maximum account idle time for user accounts. When an account is idle for this period
of time since the last successful login, the account becomes invalid.
HPE OfficeConnect 1950 stacking (IRF)
Intelligent Resilient Framework (IRF) is true stacking technology that creates a large virtual stack
from multiple devices to provide high availability and scalability. This stacking technology offers