sysconf user login
Configures login rate limiting. A user account is locked temporarily upon consecutive failed logins within the set interval. The locked account is unlocked after the specified unlock/release interval.
CAUTION! This feature is not supported for use with Clusters; do not enable it on any Luna Network HSM 7 that is a member of a cluster.
NOTE This command requires Luna Appliance Software 7.9.0 or newer.
User Privileges
Users with the following privileges can perform this command:
>Admin
Syntax
sysconf user login [-attempt <number>] [-release <number>] [-interval <number>] [-disable]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -attempt <# allowed failed attempts> | -a | The maximum number of login failure attempts (within the allowed interval) before account lockout. Default = 3 |
| -interval <window length> | -i | Failure detection interval or window; this is the span, in seconds, during which failed logins are counted (1-86400). The interval starts with a detected failed login. If more failed attempts occur during the interval, they are added to the count. If the count reaches the maximum allowed failed attempts, the account is locked out for a period determined by the -release parameter. If the window/interval expires without the lockout threshold of bad attempts being reached, the count is cleared, and any new failed attempt starts the count again and launches a new -interval. Default = 900 seconds |
| -release <lock release period> | -r | Lockout release. Time, in seconds, to unlock the account after the lockout is triggered (1-86400). Default = 600 seconds |
| -disable | -d | Disables the policy. View the current settings with sysconf user show. |
Example setting login policy to specific values
```
lunash:>sysconf user login -a 10 -r 3600 -i 900
Restarting ssh...
Login policy set successfully.
Command Result : 0 (Success)

lunash:>sysconf user show
Password policies:
=====================
History : 3
Expire after : 90 days
Minimum length : 8 characters
Deny attempts : 10
Release interval : 3600 seconds
Detection window : 900 seconds
Command Result : 0 (Success)
```
Example disabling the login policy
```
lunash:>sysconf user login -disable
Restarting ssh...
Login policy disabled.
Command Result : 0 (Success)

lunash:>sysconf user show
Password policies:
=====================
History : 3
Expire after : 90 days
Minimum length : 8 characters
Login policy : disabled
Command Result : 0 (Success)
```
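The interaction of -attempt, -interval and -release described in the argument table, modelled as an added example (not Thales code and not how the appliance implements it) for checking candidate values against a timeline of failed logins before applying them. The names `LoginPolicy`, `simulate` and `SAMPLE` are hypothetical, and the model assumes that attempts made during a lockout are refused without being counted and that a window ends exactly `interval` seconds after its first failure.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoginPolicy:
    attempt: int = 3     # -attempt: failures allowed before lockout (page default)
    interval: int = 900  # -interval: detection window, seconds (page default)
    release: int = 600   # -release: lockout duration, seconds (page default)

    def __post_init__(self):
        # The page gives 1-86400 for -interval and -release; attempt >= 1 is assumed.
        if self.attempt < 1:
            raise ValueError("attempt must be >= 1")
        for name in ("interval", "release"):
            if not 1 <= getattr(self, name) <= 86400:
                raise ValueError(f"{name} must be within 1-86400 seconds")

def simulate(policy, failures):
    """Replay failed-login times (seconds, ascending) for one account.

    Returns (time, status, count) tuples; status is failed, locked or rejected.
    """
    events, window_start, count, locked_until = [], None, 0, None
    for t in failures:
        if locked_until is not None:
            if t < locked_until:
                # Assumption: attempts during lockout are refused and not counted.
                events.append((t, "rejected", 0))
                continue
            locked_until = None  # release period elapsed, account unlocked
        if window_start is None or t - window_start >= policy.interval:
            window_start, count = t, 0  # window expired or none open: count cleared
        count += 1
        if count >= policy.attempt:
            locked_until = t + policy.release
            events.append((t, "locked", count))
            window_start, count = None, 0
        else:
            events.append((t, "failed", count))
    return events

# Constructed sample: failed-login times in seconds for a single account.
SAMPLE = [0, 400, 1000, 1100, 1200, 1500, 1800, 1801]

if __name__ == "__main__":
    for event in simulate(LoginPolicy(), SAMPLE):
        print(event)
```

With the defaults, the failure at 1000 s falls outside the window opened at 0 s, so the count restarts at 1 and the lockout is only triggered at 1200 s.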