Operation Manual – Password ControlH3C S9500 Series Routing Switches Chapter 1 Password Control Configuration1-3z When a user is prohibited by the ACL rule, the system will log the user’s IPaddressz When a user fails in authentication, the system will log the user name, IP address,VTY number, and failure causez When a user changes his or her password that has expired, the system will log thepassword change eventThe administrator can query the login information of users based on these log records.1.2 Password Control Configuration1.2.1 Configuration Task ListThe basic configuration tasks of password control are as follows:z Configuring the Aging Time of System Passwordz Configuring Alert Time Before Password Expiresz Configuring the Minimum Length of Passwordz Configuring the Maximum Number of Attempts of Entering a Password and theProcessing Mode for Failed Login Attemptsz Configuring the Maximum Number of History Password Recordsz Configuring the Timeout Time for Password AuthenticationAfter the configuration, you can carry out display password-control in any view toview the password control information for all users, including the enabled/disabled stateof password aging, the aging time, the enabled/disabled state of the minimumpassword length limitation and the configured minimum password length, theenabled/disabled state of history password recording, the alert time before passwordexpiration, the timeout time for password authentication, the maximum number ofpassword input attempts, the maximum number of history password records, theprocessing mode after failed password input attempts, the time when the passwordhistory was last cleared, and so on.If a user fails to provide the correct password after the allowed number login-times, thesystem adds the user to the blacklist. To view the names and the IP addresses of suchusers, carry out display password-control blacklist in any view.Table 1-1 Basic configuration tasks of password controlTo do... Use the command... RemarksEnter system view system-view —Enter local user view local-user username —