Enabling the admin lockout policy, Unlocking an account, Disabling the admin lockout policy – Dell POWEREDGE M1000E User Manual
Page 144
144
Fabric OS Administrator’s Guide
53-1002745-02
Password policies
5
A failed login attempt counter is maintained for each user on each switch instance. The counters
for all user accounts are reset to zero when the account lockout policy is enabled. The counter for
an individual account is reset to zero when the account is unlocked after a lockout duration period
expires, or when the account user logs in successfully.
The admin account can also have the lockout policy enabled on it. The admin account lockout
policy is disabled by default and uses the same lockout threshold as the other permissions. It can
be automatically unlocked after the lockout duration passes or when it is manually unlocked by
either a user account that has a securityAdmin or other admin permissions.
Virtual Fabrics considerations: The home logical fabric context is used to validate user enforcement
for the account lockout policy.
Note that the account-locked state is distinct from the account-disabled state.
Use the following attributes to set the account lockout policy:
•
LockoutThreshold
Specifies the number of times a user can attempt to log in using an incorrect password before
the account is locked. The number of failed login attempts is counted from the last successful
login. LockoutThreshold values range from 0 through 999, and the default value is 0. Setting
the value to 0 disables the lockout mechanism.
•
LockoutDuration
Specifies the time, in minutes, after which a previously locked account is automatically
unlocked. LockoutDuration values range from 0 through 99999, and the default value is 30.
Setting the value to 0 disables lockout duration, and would require a user to seek
administrative action to unlock the account. The lockout duration begins with the first login
attempt after the LockoutThreshold has been reached. Subsequent failed login attempts do
not extend the lockout period.
Enabling the admin lockout policy
1. Log in to the switch using an account that has admin or securityAdmin permissions.
2. Enter the passwdCfg
--
enableadminlockout command.
Unlocking an account
1. Log in to the switch using an account that has admin or securityAdmin permissions.
2. Enter the userConfig
--
change account_name -u command specifying the name of the user
account that is locked out.
Disabling the admin lockout policy
1. Log in to the switch using an account that has admin or securityAdmin permissions.
2. Enter the passwdCfg
--
disableadminlockout command.