If you use the set password-retries command to define how many times a user can attempt to log in before their account is suspended, you can also set a time after which the user can try again.
This means that after the period you set, the suspended account becomes active again.
If you do not use this option, an administrator must reset the user's password to unlock the account.
To let users try to log in again after a certain amount of time has passed, use the following command:
set password-max-suspension = number-seconds | 0 ;
Example: Allow Users 5 Login Attempts, and a Delay of 30 Minutes before Trying Again
In this example, you want to allow users five unsuccessful login attempts before suspending their account. You then want to let the user try again after half an hour.
To set this up, use these commands:
set password-policy = true; set password-retries = 5; set password-max-suspension = 1800;
The following happens when a user tries to log in with an incorrect password:
His login is unsuccessful, and his account is suspended.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |