User Lockout Mechanism

The user lockout mechanism allows UCMDB administrators to:

  • enable or disable the lockout mechanism
  • specify how many failed login attempts are allowed before a user is locked out
  • specify the period of time after which the locked accounts will be automatically released
  • retrieve a list of locked out users and unlock certain users

In addition, all failed login attempts are logged, and consecutive attempts are reported to the proper security administration personnel in your organization.

The table below describes the infrastructure settings available with the lockout mechanism (Administration > Infrastructure Settings Manager > Security Settings):

| Name | Description | Default Value |
|---|---|---|
| User lockout mechanism enabled | Enable the user lockout mechanism after a number of failed login attempts. Setting the value to false disables this feature. The default value is true. | True |
| User lockout timeout value (minutes) | The time value in minutes until the next login attempt can be successfully permitted in case the current user is locked out. | 10 |
| The maximum number of failed login attempts prior to a user lockout | The maximum number of failed login attempts before a user enters the timed lock out state. | 3 |

In the JMX console, under Security Services, the following JMX methods can be used for unlocking users:

  • retrieveCurrentlyLockedOutUsers. Retrieves a list of the currently locked out users and allows individual unlocking.
  • unlockUser. Allows unlocking a certain user that is currently locked out by the login mechanism.

User Lockout Mechanism for the Server Status page, JMX Console, and SDK

When users access the Server Status page, JMX Console, or SDK, they can be locked out if they fail login authentication a number of times. You can configure the maximum number of failed login attempts allowed and the maximum lockout time period using the following infrastructure settings.

| Name | Description | Default Value |
|---|---|---|
| failed.login.attempts.limit | The maximum number of failed login attempts allowed. | 3 |
| invalid.login.expiration.in.minutes | The maximum time period (in minutes) allowed for invalid login attempts. | 15 |
| user.blocking.time.in.minutes | The maximum time period (in minutes) that a user is locked out after failed login attempts. | 10 |
| invalid.login.lock.out.enabled | Enable or disable the user lockout mechanism for the Server Status page, JMX Console, or SDK. By default it is enabled. | True |
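The following Python model is an added example, not UCMDB code, showing how the four settings above interact when you tune them. It assumes that failed attempts older than invalid.login.expiration.in.minutes stop counting and that a successful login clears the count; the class, method and variable names are hypothetical and the sample events are constructed.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Model of a timed lockout policy, times in minutes (not UCMDB code)."""
    def __init__(self, attempts_limit=3, expiration_min=15, blocking_min=10, enabled=True):
        self.attempts_limit = attempts_limit   # failed.login.attempts.limit
        self.expiration_min = expiration_min   # invalid.login.expiration.in.minutes
        self.blocking_min = blocking_min       # user.blocking.time.in.minutes
        self.enabled = enabled                 # invalid.login.lock.out.enabled
        self._failures = defaultdict(deque)    # user -> times of recent failures
        self._locked_until = {}                # user -> time the lock is released

    def is_locked(self, user, now):
        until = self._locked_until.get(user)
        if until is not None and now >= until:  # automatic release after blocking time
            del self._locked_until[user]
            return False
        return until is not None

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        if not self.enabled:
            return "ok" if password_ok else "denied"
        if self.is_locked(user, now):
            return "locked"                    # a correct password is refused too
        if password_ok:
            self._failures.pop(user, None)     # assumption: success clears the count
            return "ok"
        recent = self._failures[user]
        recent.append(now)
        while recent and now - recent[0] >= self.expiration_min:
            recent.popleft()                   # assumption: old failures expire
        if len(recent) >= self.attempts_limit:
            self._locked_until[user] = now + self.blocking_min
            recent.clear()
            return "locked"
        return "denied"

    def locked_users(self, now):
        return sorted(u for u in list(self._locked_until) if self.is_locked(u, now))

    def unlock(self, user):
        self._locked_until.pop(user, None)
        self._failures.pop(user, None)

def replay(policy, events):
    """Replay constructed (minute, user, password_ok) events; return outcomes."""
    return [policy.attempt(user, ok, t) for t, user, ok in events]

SAMPLE = [(0, "alice", False), (1, "alice", False), (2, "alice", False), (5, "alice", True), (12, "alice", True)]  # constructed
```

With the default values, the third failure locks the account, a correct password during the lockout is still refused, and the account is released automatically once the blocking time has passed.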