XOS account lockout policy setting

  • Question
  • Updated 3 months ago
  • Answered
Can anyone tell me what the syntax is for setting an account when it is locked out so that it waits for 120 seconds then the user can re-try again to login?

configure account tom password-policy lockout-on-login-failures on

The above command allows the user tom to lock his account after 3 failed attempts.

shakil khan


Posted 4 years ago


Drew C., Community Manager

Hi Shakil,
EXOS currently doesn't support an option to automatically re-enable accounts based on a timer.
The command you have described is the closest match to what you're trying to accomplish.
configure account [ all | name] password-policy lockout-on-login-failures [ on | off]
You can configure the maximum number of failed logins before a session is terminated (except via SSH).
configure cli max-failed-logins num-of-logins
To re-enable an account that has been locked out, an administrator must log in and use this command.
clear account [ all | name] lockout
If you'd like to submit a feature request to enable time-based unlock, I ask that you contact your local SE.


James A, Embassador

Since this is the top result in Google, it's worth noting that time-based unlock has been available since XOS 16.1. It's configured with the lockout-time-period option to configure account, and seems to default to 5 minutes.
How does it work with ssh? Only 2 attempts allowed?

configure account "name" password-policy lockout-on-login-failures on
configure account "name" password-policy lockout-time-period 5

I know that this conf is about console connections. What if we need to lock out a user after "x" attempts in ssh. What is the status?
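
As an added example (not part of the thread and not Extreme's own tooling), this Python check reads configuration lines written in the command syntax quoted above and lists accounts that have no lockout policy. It assumes a saved configuration contains lines in exactly that syntax and that `all` applies in file order; the names `audit_lockout`, `accounts_without_lockout` and `SAMPLE` are hypothetical.

```python
import re

# Command syntax is taken from the thread; everything else here is an assumption.
ACCOUNT_RE = re.compile(
    r'^configure\s+account\s+"?(?P<name>[^\s"]+)"?\s+password-policy\s+'
    r'(?P<key>lockout-on-login-failures|lockout-time-period)\s+(?P<value>\S+)$')
MAX_RE = re.compile(r'^configure\s+cli\s+max-failed-logins\s+(?P<n>\d+)$')

def audit_lockout(config_text, known_accounts=()):
    """Return (per-account policy dict, max-failed-logins or None)."""
    defaults = {}                                # settings applied via "all"
    policy = {name: {} for name in known_accounts}
    max_failed = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = MAX_RE.match(line)
        if m:
            max_failed = int(m.group("n"))
            continue
        m = ACCOUNT_RE.match(line)
        if not m:
            continue                             # unrelated config line
        name, key, value = m.group("name", "key", "value")
        if name == "all":
            defaults[key] = value
            for settings in policy.values():     # later per-account lines override
                settings[key] = value
        else:
            policy.setdefault(name, dict(defaults))[key] = value
    return policy, max_failed

def accounts_without_lockout(policy):
    """Accounts where lockout-on-login-failures is absent or 'off'."""
    return sorted(n for n, s in policy.items()
                  if s.get("lockout-on-login-failures") != "on")

# Constructed sample input, not taken from a real switch.
SAMPLE = '''
configure cli max-failed-logins 3
configure account "tom" password-policy lockout-on-login-failures on
configure account "tom" password-policy lockout-time-period 5
configure account admin password-policy lockout-on-login-failures off
'''

if __name__ == "__main__":
    policy, max_failed = audit_lockout(SAMPLE, ["tom", "admin", "monitor"])
    print("max-failed-logins:", max_failed)
    print("no lockout:", accounts_without_lockout(policy))
```

The `lockout-time-period` value is stored as written and not interpreted, so the report stays valid whatever default the running XOS release applies.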