Administration GuideManage User Accounts and PasswordsCreate a Password PolicyHow to Set Account Suspension Rules › Set the Time after Which Users Can Attempt to Log In Again

Previous Topic: Suspend Accounts After Failed Login Attempts

Next Topic: Set Some Accounts to Never be Suspended
Set the Time after Which Users Can Attempt to Log In Again

If you use the set password-retries command to define how many times a user can attempt to log in before their account is suspended, you can also set a time after which the user can try again.

This means that after the period you set, the suspended account becomes active again.

If you do not use this option, an administrator must reset the user's password to unlock the account.

To let users try to log in again after a certain amount of time has passed, use the following command:

set password-max-suspension = number-seconds | 0 ;

Example: Allow Users 5 Login Attempts, and a Delay of 30 Minutes before Trying Again

In this example, you want to allow users five unsuccessful login attempts before suspending their account. You then want to let the user try again after half an hour.

To set this up, use these commands:

set password-policy = true;
set password-retries = 5;
set password-max-suspension = 1800;

The following happens when a user tries to log in with an incorrect password:

  1. Craig Link tries to log in using the wrong password.
  2. He tries again four more times with incorrect passwords.

    His login is unsuccessful, and his account is suspended.

  3. After 30 minutes, Craig Link's account is active again, and he can try to log in again.

More information:

set password-max-suspension Command