Configures user-role based account lockout criteria
- role – Select the user-role. The options are:
  - device-provisioning-admin
  - helpdesk
  - monitor
  - network-admin
  - security-admin
  - system-admin
  - vendor-admin
  - web-user-admin
- max-fail <1-100> – Specify the maximum number of consecutive, failed attempts allowed before an account is locked. Specify a value from 1 - 100.
- lockout-time <0-600> – Specify the maximum time, in minutes, for which an account remains locked. The value ‘0’ indicates that the account is permanently locked. Specify a value from 0 - 600 minutes.
When configured, the lockout is applied individually to each account within the specified role or roles. For example, consider the ‘monitor’ role having two users: ‘user1’ and ‘user2’. The max-fail and lockout-time are set at ‘5’ attempts and ‘10’ minutes respectively. In this scenario, user2 makes 5 consecutive, failed login attempts, and the user2 account is locked out for 10 minutes. However, during this lockout time the user1 account remains active.
Note: In the event-system-policy context, enable the ‘login-lockout’ and ‘login-unlocked’ event notifications to trigger e-mail or syslog notification to users when the login-lockout and login-unlock events occur. For more information, see event.
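The per-account lockout behaviour described above, modelled as an added example (not code from the product or its documentation). The class and function names are hypothetical, time is counted in whole minutes, and clearing the failure counter when a timed lockout expires is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class RoleLockoutPolicy:
    """Hypothetical model of the role / max-fail / lockout-time parameters."""
    role: str
    max_fail: int          # 1-100 consecutive failed attempts
    lockout_minutes: int   # 0-600 minutes; 0 = locked permanently
    fails: dict = field(default_factory=dict, init=False)         # user -> consecutive failures
    locked_until: dict = field(default_factory=dict, init=False)  # user -> unlock minute (None = permanent)

    def __post_init__(self):
        if not 1 <= self.max_fail <= 100:
            raise ValueError("max-fail must be 1-100")
        if not 0 <= self.lockout_minutes <= 600:
            raise ValueError("lockout-time must be 0-600 minutes")

    def is_locked(self, user, now):
        if user not in self.locked_until:
            return False
        until = self.locked_until[user]
        if until is None or now < until:
            return True
        # Assumption: an expired timed lockout clears the failure counter.
        del self.locked_until[user]
        self.fails[user] = 0
        return False

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'fail' for a login at minute `now`."""
        if self.is_locked(user, now):
            return "locked"
        if password_ok:
            self.fails[user] = 0  # only consecutive failures count
            return "ok"
        self.fails[user] = self.fails.get(user, 0) + 1
        if self.fails[user] >= self.max_fail:
            self.locked_until[user] = (now + self.lockout_minutes) if self.lockout_minutes else None
        return "fail"

def replay_page_scenario():
    """monitor role, max-fail 5, lockout-time 10; times are constructed sample minutes."""
    policy = RoleLockoutPolicy("monitor", max_fail=5, lockout_minutes=10)
    for minute in range(5):                      # user2's fifth failure lands at minute 4
        policy.attempt("user2", False, now=minute)
    return {"user2_during": policy.attempt("user2", True, now=9),
            "user1_during": policy.attempt("user1", True, now=9),
            "user2_after": policy.attempt("user2", True, now=14)}
```

With lockout-time 0 the model never unlocks the account, so a correct password is still rejected until an administrator intervenes.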