beautypg.com

About account locking, Locking user accounts, 338 locking user accounts – HP XP P9000 Command View Advanced Edition Software User Manual

Page 338

background image

Changing the user authentication method

, page 342

Using an external authorization server (authorization groups)

, page 342

About account locking

To prevent unauthorized individuals from logging in, you can set the system to automatically lock user
accounts when invalid passwords are entered a specified number of times in succession.

The following limitations apply when setting automatic account locking:

Accounts for which external authentication is enabled function according to the settings on the
external authentication server. Settings for automatic account locking of these accounts are not
controlled from Replication Manager. These accounts must be manually locked.

By default, the built-in account (user ID:

System

) cannot be locked automatically. To enable

automatic locking of the built-in account, you must edit the

user.conf

file on the management

server. For details about the

user.conf

file, see the HP P9000 Replication Manager Software

Configuration Guide.

If other P9000 Command View AE Suite products are being used in addition to Replication
Manager, successive unsuccessful attempts to log in to any of the P9000 Command View AE Suite
products are counted in determining when to automatically lock a user account. The number of
unsuccessful login attempts associated with a specific user account is reset when login to that ac-
count is successful or when the account is locked.

If you change the setting for the number of allowed login failures, the new setting does not apply
retroactively to users who have already exceeded the new value or to user accounts that are
already locked.

If an attempt is made to log in to Replication Manager using an invalid password for a user account
that is already logged into Replication Manager.

If you want to lock the accounts for external authentication, lock the accounts manually. For details
on how to do this, see

Locking user accounts

” on page 338.

A user whose account has already been locked automatically cannot log in until the account is
unlocked. When a user whose account is locked attempts to log in, the user is only notified of an
ordinary authentication error, not that his or her account is locked. You can check the Status column
of the list of users to determine whether a user account is locked. For details on how to unlock user
accounts, see “

Unlocking user accounts

” on page 339.

Related topics

Viewing settings for automatic account locking

, page 347

Changing settings for automatic account locking

, page 347

Locking user accounts

You can temporarily prevent specific users from logging in by manually locking their accounts.

NOTE:

Users who have the User Management permission can manually lock and unlock user accounts
registered in the P9000 Command View AE Suite products.

The following restrictions apply to account locking:

The accounts of users who are currently logged in can be locked; however, a user cannot lock
his or her own account while logged in.

Managing users and permissions

338

This manual is related to the following products: