cancel
Showing results for 
Search instead for 
Did you mean: 

XOS account lockout policy setting

XOS account lockout policy setting

shakil_khan
New Contributor
Hi
Can anyone tell me what the syntax is for setting an account when it is locked out so that it waits for 120 seconds then the user can re-try again to login?

configure account tom password-policy lockout-on-login-failures on

the above command allows the user tom to lock his account after 3 failed attemtps
3 REPLIES 3

Drew_C
Valued Contributor III
Hi Shakil,
EXOS currently doesn't support an option to automatically re-enable accounts based on a timer.
The command you have described is the closest match to what you're trying to accomplish.
configure account [ all | name] password-policy lockout-on-login-failures [ on | off]
You can configure the maximum number of failed logins before a session is terminated (except via SSH).
configure cli max-failed-logins num-of-loginsTo re-enable an account that has been locked out, an administrator must login and use this command.
clear account [ all | name] lockoutIf you'd like to submit a feature request to enable time-based unlock, I ask that you contact your local SE.

-Drew

How it works with ssh? only 2 attempts allowed?

configure account "name" password-policy lockout-on-login-failures on
configure account "name" password-policy lockout-time-period 5

I know that this conf is about console connections. What if we need to lock out a user after "x" attempts in ssh. What is the status?

James_A
Valued Contributor
Since this is the top result in Google, it's worth noting that time-based unlock has been available since XOS 16.1. It's configured with the lockout-time-period option to configure account, and seems to default to 5 minutes.
GTM-P2G8KFN