Previous Topic: Set the Time after Which Users Can Attempt to Log In Again

Next Topic: Example: Simple Password Policy

Set Some Accounts to Never be Suspended

Accounts can be made to never be suspended, regardless of the number of incorrect login attempts.

You can use this to protect critical accounts that need to be immune to password lockout attacks.

To set a user's password to never be suspended

  1. Use the following command to set the password-allow-ignore-suspended option to true:
    set password-allow-ignore-suspended = true;
    
  2. Add the attribute dxPwdIgnoreSuspended to the user's entry.
  3. Set the value of this attribute to true.

Note: To check which user passwords are set to never expire, search for all user accounts with the attribute dxPwdIgnoreSuspended = true.

More information:

set password-allow-ignore-suspended Command

Set Some Accounts to Never Expire


Copyright © 2009 CA. All rights reserved. Email CA about this topic