The user-manage local-authentication command configures the threshold for allowed consecutive authentication attempts and the lockout duration of a user account after the number of authentication attempts exceeds the threshold.
The undo user-manage local-authentication command restores the default threshold for allowed consecutive authentication attempts and the default lockout time.
user-manage local-authentication { authentication-failed-times authentication-failed-times | locked-time locked-time } *
undo user-manage local-authentication
| Parameter | Description | Value |
|---|---|---|
| authentication-failed-times authentication-failed-times | Specifies the threshold for allowed consecutive authentication attempts. | The value is an integer ranging from 0 to 5. The default value is 3. 0 indicates disabling the lockout function. |
| locked-time locked-time | Specifies the lockout duration in which the user cannot initiate any authentication requests. | The value is an integer ranging from 1 to 10, in minutes. The default value is 5. |
By default, the threshold for allowed consecutive authentication attempts is 3, and the lockout duration is 5 minutes.
The number of failed consecutive authentication attempts is independent of addresses. Even if the failed consecutive attempts are completed at different addresses, the failed authentication attempts still accumulate. For example, the system configuration stipulates that a user is locked out after three consecutive failed authentication attempts. If any of the three hosts at different addresses fails to be authenticated using the same user name, the number of failed attempts accumulates to three.
This command applies only to users using local authentication.