Enable automatic account locking
Enable automatic account locking by using management GUI or command-line interface.
Using the management GUI
To enable automatic account locking using the management GUI, complete these steps:
- In the management GUI, select .
- On Password Policies page, select Password expiration and account lockout.
- Select the checkbox After a number of failed login attempts, automatically lock accounts for an amount of time.
- Enter the number of consecutive failed login attempts before the account is locked (You can select 1-10 attempts).
- Select either Define time period (minutes) or Indefinite lockout. If you choose to define the time period, enter the number of minutes that an account should remain locked for before automatically unlocking (You can select 1-10080 minutes). If you select indefinite lockout, accounts remain locked until a user with the Security Administrator access unlocks the account manually. See Unlocking user accounts manually.
- Select Allow locking of the superuser account to
enable automatic account locking for the superuser account, for more information see Locking and unlocking superuser accounts.Note: If Allow locking of the superuser account is not enabled, then the superuser account will not be automatically locked when the specified number of failed attempts is reached.
- Click Save.
Using the command-line interface
To enable automatic account locking using the command-line interface, enter the following command:
- Decide how many consecutive failed login attempts (1-10) should lock the account, and how long
the account should remain locked for when it becomes locked (0-10080 minutes).Note: A time of 0 minutes means that the account will be locked indefinitely until manually unlocked by a user with the Security Administrator access.
- Specify required values, enter the following
command:
svctask chsecurity -maxfailedlogins 5 -lockoutperiod 30 - To enable the superuser locking, enter the following
command:
svctask chseurity -superuserlocking enable