Skip to main content

3.5.11 Enabling/Disabling the Login Lockout Function


3.5.11 Enabling/Disabling the Login Lockout Function
When the login lockout function is enabled, and a user fails three times in succession when attempting to log in, that user will not be able to log in until after a predetermined amount of time has passed. In the default settings, the login lockout function is disabled.
To set a lockout time and enable the login lockout function, use the setloginlockout command. To enable the lockout function, set the lockout time to a time other than 0 minutes. Any value from 0 to 1,440 minutes can be set as the lockout duration. To disable the lockout function after it has been activated, specify a lockout time of 0 minutes. Use the showloginlockout command to confirm the lockout time that is set. Execute the setloginlockout command and showloginlockout command with a user account that has the useradm privilege.
  1. Execute the showloginlockout command to display the lockout function setting.
XSCF> showloginlockout
90 minutes
  1. Execute the setloginlockout command to configure the lockout function.
    The following example specifies a lockout duration of 20 minutes and enables the lockout function.
XSCF> setloginlockout -s 20
  1. The following example disables the lockout function.
XSCF> setloginlockout -s 0
The set lockout duration applies from the next login. If the specified time is 0 minutes, the lockout function is disabled beginning at the next login.
The lockout function is enabled on both the master and standby XSCFs. If a user account is locked out, a message is saved in the audit log.
If the lockout function is disabled, there is no limit on the number of permitted login attempts by users.
If you need to use a locked-out user account before the lockout duration expires, the system administrator can disable the lockout function. After a successful login to that user account, the system administrator should set the lockout duration and enable the lockout function again.