2270 User automatically locked due to failed login attempts.

Explanation

The user indicated in the log has been locked out of the system due to repeated failed logins.

User response

In the management GUI, refer to Access > Users by group to review the user details, such as the reason for the lock and the time until the lock expires. Alternatively, in the CLI, use the lsuser command. To review the current lockout configuration, refer to Settings > Security > Password Policies > Expiration and Lockout in the management GUI, or refer to the lssecurity commands.
A security administrator can do the following tasks:
  • If the user’s access is valid, unlock the account using the Unlock option in the GUI or run the chuser -unlock <username|userid> CLI command. Otherwise, the user must wait until the lockout duration expires.
  • If the user’s access is considered suspicious, lock the account indefinitely using the lock option in the GUI or run the chuser -lock <username|userid> CLI command. A security administrator must unlock the account before the user can log in again.
  • If a user forgets their password, navigate to Local Credentials > Password > Change to set a temporary password. Then, select the 'Expire Password' action to require the user to create a new password at their next login. For CLI, run the chuser command with the -password and -forcepasswordchange options. Provide the temporary password to the user securely.
  • To change the user lockout settings, update the configuration in the management GUI under Settings > Security > Password Policies > Expiration and Lockout.