Configuring account lockout for failed login attempts
You can configure account lockout for an excessive number of failed user login attempts.
Setting account lockout requires knowledge of XML file editing.
Account lockout is configured in the loginPolicy.xml file. You can set the maximum number of failed attempts before a user account is locked out for a specified number of minutes. For example, based on the default values, a user is locked out if they enter an incorrect password 3 times. The user remains locked out for 15 minutes. To configure account lockout for failed login attempts:
To open the loginPolicy.xml file, in the IBM® Sterling Control Center
Monitor web console, go to your user ID
and then click . The following example shows the default loginPolicy.xml file.
<?xml version="1.0" encoding="UTF-8"?> <loginPolicy> <enabled>true</enabled> <maxFailedLogins>3</maxFailedLogins> <lockoutDuration>15</lockoutDuration> </loginPolicy>
- To set the number of maximum failed login attempts before an account is locked out, type a value between the <maxFailedLogins> and </maxFailedLogins> tags. The default is 3.
- To set the amount of time (in minutes) that an account is locked out, type a value between the <maxLength> and </maxLength> tags. The default is 15 minutes.
- Save the loginPolicy.xml file.
- Restart all your IBM Sterling Control Center Monitor event processors.