The table in this section lists the Service Console variables to control account lock-out in the event of multiple failed logon attempts.
| Variable | Purpose |
|---|---|
| KDHS_MAX_FAILED_LOGINS | Tivoli® Monitoring
Service Console lock-out is a process that counts the number of failed
logon attempts to the Service Console. This helps to protect the Service
Console from attacks that try thousands of different user IDs and
passwords. When a Service Console logon fails, the source IP address
is recorded along with the user ID and the fail count associated with
that IP address is incremented. When the failure count for a specific
IP address exceeds KDHS_MAX_FAILED_LOGINS, that IP address is locked
out from further login attempts to the Service Console. Default is 5. |
| KDHS_ACCOUNT_LOCKOUT_PERIOD | When the number of failed logon attempts from
an IP address to the Service Console exceeds the number defined in
KDHS_MAX_FAILED_LOGINS, that IP address is locked out from further
login attempts for the period of time defined in KDHS_ACCOUNT_LOCKOUT_PERIOD.
The unit of measure for this variable is seconds. Default is 1800. |