Configuring an account policy by using the command line

Use the command line to configure an account policy for local users.

About this task

You can use commands to configure the account policy for users defined locally on the appliance. The policy does not apply to users defined in other ways.

Procedure

  1. Connect to the IBM® MQ Appliance as described in Command line access. Log in as an administrative user.
  2. Type config to enter global configuration mode.
  3. Type the following command to configure role based management: 
    rbm
  4. Use the following commands, as required, to configure your account policy:
    • Specify that you want to restrict the admin account to connect only by using the serial port by entering the following command:
      restrict-admin on
    • Specify the maximum number of login attempts that can occur before an account is locked out:
      max-login-failure count
    • Specify the duration to lock out accounts for after the specified number of failed logins:
      lockout-duration minutes
    • Enter the following command to specify a CLI timeout:
      cli-timeout seconds

Example

The following example configures an account policy that specifies a user can have three attempts to log in before they are locked out for an hour. CLI sessions timeout if they are inactive for twenty minutes.

mqa# config
Global configuration mode
mqa(config)# rbm
Modify RBM Settings configuration

mqa(config rbm)# max-login-failure 3
mqa(config rbm)# lockout-duration 60
mqa(config rbm)# cli-timeout 1200
mqa(config rbm)# exit
mqa(config)# write memory
Overwrite previously saved configuration? Yes/No [y/n]: y
Configuration saved successfully.