About account locking, Locking user accounts, 342 locking user accounts – HP XP Racks User Manual
Page 342
• Changing the user authentication method
• Using an external authorization server (authorization groups)
About account locking
To prevent unauthorized individuals from logging in, you can set the system to automatically lock user
accounts when invalid passwords are entered a specified number of times in succession.
The following limitations apply when setting automatic account locking:
•
Accounts for which external authentication is enabled function according to the settings on the
external authentication server. Settings for automatic account locking of these accounts are not
controlled from Replication Manager. These accounts must be manually locked.
•
By default, the built-in account (user ID:
System
) cannot be locked automatically. To enable
automatic locking of the built-in account, you must edit the
user.conf
file on the management
server. For details about the
user.conf
file, see the HP P9000 Replication Manager Software
Configuration Guide.
•
If other P9000 Command View AE Suite products are being used in addition to Replication
Manager, successive unsuccessful attempts to log in to any of the P9000 Command View AE Suite
products are counted in determining when to automatically lock a user account. The number of
unsuccessful login attempts associated with a specific user account is reset when login to that ac-
count is successful or when the account is locked.
•
If you change the setting for the number of allowed login failures, the new setting does not apply
retroactively to users who have already exceeded the new value or to user accounts that are
already locked.
•
If an attempt is made to log in to Replication Manager using an invalid password for a user account
that is already logged into Replication Manager.
If you want to lock the accounts for external authentication, lock the accounts manually. For details
on how to do this, see “
A user whose account has already been locked automatically cannot log in until the account is
unlocked. When a user whose account is locked attempts to log in, the user is only notified of an
ordinary authentication error, not that his or her account is locked. You can check the Status column
of the list of users to determine whether a user account is locked. For details on how to unlock user
accounts, see “
Related topics
• Viewing settings for automatic account locking
• Changing settings for automatic account locking
Locking user accounts
You can temporarily prevent specific users from logging in by manually locking their accounts.
NOTE:
Users who have the User Management permission can manually lock and unlock user accounts
registered in the P9000 Command View AE Suite products.
The following restrictions apply to account locking:
•
The accounts of users who are currently logged in can be locked; however, a user cannot lock
his or her own account while logged in.
Managing users and permissions
342