GUI Login Brute-Force Attack Prevention

To significantly reduce the effectiveness of brute-force password guessing attacks, CA AppLogic® for System z prevents users from repeatedly testing whether a name/password combination is correct: after a password is entered incorrectly 6 times, the user can no longer log in to the GUI. When a user incorrectly enters a user name or password 6 times, the user is locked out for 5 minutes; after a subsequent 6 unsuccessful attempts, the user is locked out for 1 hour.

While locked out, a user cannot log in to the GUI until the timeout period has expired, even if a valid user name and password are provided. In this situation, a grid maintainer or another grid user who has access to the grid can unlock the user account using the 'user unlock' command. The 'user info' command shows how much time remains before a locked-out user can next attempt to log in.
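
The lockout policy described above, modeled as a small Python class. This is an added example, not CA AppLogic code; the class and method names are hypothetical. Three behaviors the page does not specify are assumptions marked in the comments: a successful login clears the account's state, lockouts after the second stay at 1 hour, and an unlock also resets the escalation.

```python
from dataclasses import dataclass

MAX_FAILURES = 6               # from the page: 6 incorrect entries trigger a lockout
LOCKOUTS = (5 * 60, 60 * 60)   # from the page: 5 minutes, then 1 hour (seconds)


@dataclass
class Account:
    failures: int = 0          # failed attempts since the last lockout
    lockouts: int = 0          # lockouts imposed so far (drives the escalation)
    locked_until: float = 0.0  # timestamp at which the current lockout expires


class LoginGuard:
    """Model of the GUI lockout policy (hypothetical names, not product code)."""

    def __init__(self, check_password):
        self.check_password = check_password  # callable(user, password) -> bool
        self.accounts = {}

    def remaining(self, user, now):
        """Seconds left on the lockout, the value 'user info' lets you see."""
        acct = self.accounts.get(user)
        return max(0.0, acct.locked_until - now) if acct else 0.0

    def unlock(self, user):
        """Counterpart of 'user unlock'. Assumption: escalation is reset too."""
        self.accounts.pop(user, None)

    def login(self, user, password, now):
        acct = self.accounts.setdefault(user, Account())
        if now < acct.locked_until:
            return False  # locked out: rejected even with valid credentials
        if self.check_password(user, password):
            self.accounts.pop(user, None)  # assumption: success clears state
            return True
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            # Assumption: every lockout after the second stays at 1 hour.
            duration = LOCKOUTS[min(acct.lockouts, len(LOCKOUTS) - 1)]
            acct.locked_until = now + duration
            acct.lockouts += 1
            acct.failures = 0  # the next lockout needs 6 further failures
        return False
```

Passing the clock in as `now` keeps the model deterministic, so the 5-minute and 1-hour boundaries can be checked without waiting.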