XOS account lockout policy setting

  • 2
  • 1
  • Question
  • Updated 3 months ago
  • Answered
Hi 
Can anyone tell me what the syntax is for setting an account when it is locked out so that it waits for 120 seconds then the user can re-try again to login?

configure account tom password-policy lockout-on-login-failures on

the above command allows the user tom to lock his account after 3 failed attemtps
Photo of shakil khan

shakil khan

  • 280 Points 250 badge 2x thumb

Posted 4 years ago

  • 2
  • 1
Photo of Drew C.

Drew C., Community Manager

  • 40,858 Points 20k badge 2x thumb
Hi Shakil,
EXOS currently doesn't support an option to automatically re-enable accounts based on a timer.
The command you have described is the closest match to what you're trying to accomplish.
configure account [ all | name] password-policy lockout-on-login-failures [ on | off]
You can configure the maximum number of failed logins before a session is terminated (except via SSH).
configure cli max-failed-logins num-of-logins
To re-enable an account that has been locked out, an administrator must login and use this command.
clear account [ all | name] lockout
If you'd like to submit a feature request to enable time-based unlock, I ask that you contact your local SE.

-Drew
Photo of James A

James A, Embassador

  • 7,492 Points 5k badge 2x thumb
Since this is the top result in Google, it's worth noting that time-based unlock has been available since XOS 16.1. It's configured with the lockout-time-period option to configure account, and seems to default to 5 minutes.
How it works with ssh? only 2 attempts allowed?

configure account "name" password-policy lockout-on-login-failures on
configure account "name" password-policy lockout-time-period 5

I know that this conf is about console connections. What if we need to lock out a user after "x" attempts in ssh. What is the status?
(Edited)