Configuring Login Timeout and Login Authentication

Prerequisites

You have the management permissions for the System module.

Configuring Web Login Requirements

1. Log in to the CBH system.
2. Choose System > Sysconfig > Security.
3. In the Web Login Config area, click Edit.

   Complete configurations as prompted.

   Table 1 Parameters for configuring web login

   Parameter	Description
   Idle timeout	Duration to wait before an inactive user is logged out. After a system user logs in to the CBH system through a web browser, if they have no operations for a period longer than the configured idle timeout, they will be logged out. Default value: 30 minutes Value range: 1 to 43200, in minutes
   SMS duration	SMS verification code validity period. Default value: 60 seconds Value range: 60 to 3,600, in seconds If the value is 0, the SMS verification code never expires.
   Captcha	Whether to use the CAPTCHA technology for graphic verification. The options are Enable, Disable, and Auto. Enable: A graphic verification code is required for every login. Disable: No graphic verification code is required for logins. Auto: A graphic verification code is required when the number of consecutive failed password attempts exceeds the configured login attempts.
   Login attempts	If the number of consecutive failed password attempts exceeds the login attempts, the graphic verification is automatically enabled. This parameter is mandatory if Captcha is set to Auto. Default value: 3 Value range: 1 to 30
   Captcha duration	Validity period of a CAPTCHA. Default value: 60 seconds Value range: 15 to 3600, in seconds If the value is 0, the graphic verification code never expires.
   Domain Check	Whether to check domain. This option is disabled by default (). : enabled. If you select the AD domain authentication, you are required to download an SSO client and use the same login name as that registered with the AD domain server to log in to the CBH system. : disabled
   Source IP Check	Whether to check source IP address. The default status is . : The Source IP Check is enabled. If this function is enabled, CBH obtains the source IP address used for accessing the CBH instance from the TCP connection details. When the system finds that the source IP address changes, it disconnects the current session and requires the user to log in again. : The Source IP Check is disabled. If this function is disabled, the session is not disconnected when the source IP address changes. NOTE: CBH will record every source IP address no matter whether Source IP Check is enabled. If you are logged out over and over again due to IP address changes after enabling Source IP Check, you can disable it. There are no impacts on your using of CBH. Only V3.3.44.0-S and later versions support this function.

4. Click OK. You can then check the web login configuration of the current system on the Security tab.

Configuring Login Using a Client

1. Log in to the CBH system.
2. Choose System > Sysconfig > Security.
3. In the Client Login Config area, click Edit.
   Complete configurations as prompted.

   Table 2 Parameters for configuring client login

   Parameter	Description
   Idle timeout	Duration to wait before an inactive user is logged out of the CBH SSH client. Default value: 30 minutes Value range: 1 to 43200, in minutes
   Logon with SSH key	Whether to enable SSH key login authentication (Default: ). : enabled. If you have configured an SSH public key, you can log in to the CBH system using the SSH client without providing passwords. : disabled.
   Logon with password	Whether to enable SSH password login authentication (Default: ). : enabled : disabled If both Logon with SSH key and Logon with password are enabled, the SSH key login authentication is preferentially performed.

4. Click OK. You can then check the client login configuration of the current system on the Security tab.