Mellanox Technologies Mellanox SX1018 Command Reference Manual page 137

Ethernet managed blade switch

Syntax Description

enable
Enables locking out of user accounts based on authentication failures.
Disabling this both suspends enforcement of any existing lockouts and prevents any new lockouts from being recorded. If lockouts are later re-enabled, any lockouts that had been recorded previously resume being enforced, but accounts which have passed the max-fail limit in the meantime are NOT automatically locked at this time. They would be permitted one more attempt, and then locked, because of how the locking is done: lockouts are applied after an authentication failure, if the user has surpassed the threshold at that time.
Lockouts only work if tracking is enabled. Enabling lockouts automatically enables tracking. Disabling tracking automatically disables lockouts.

lock-time
Sets maximum permitted consecutive authentication failures before locking out users.
Unlike the "max-fail" setting, this does take effect immediately for all accounts.
If both unlock-time and lock-time are set, the unlock-time must be greater than the lock-time.
This is not based on the number of consecutive failures, and is therefore divorced from most of the rest of the tally feature, except for the tracking of the last login failure.

max-fail
Sets maximum permitted consecutive authentication failures before locking out users.
This setting only impacts what lockouts are imposed while the setting is active; it is not retroactive to previous logins. So if max-fail is disabled or changed, this does not immediately cause any users to be changed from locked to unlocked or vice versa.

unlock-time
Enables the auto-unlock of an account after a specified number of seconds if a user account is locked due to authentication failures, counting from the last valid login attempt.
Unlike the "max-fail" setting, this does take effect immediately for all accounts.
If both unlock-time and lock-time are set, the unlock-time must be greater than the lock-time.
Be careful when disabling the unlock-time, particularly if max-fail is set and the behavior has not been overridden for the admin (i.e. the admin is subject to lockouts also). If the admin account gets locked out, and there are no other administrators who can aid, the user may be forced to boot into single-user mode and use the pam_tallybyname command-line utility to unlock the account manually. Even if one is careful not to incur this many authentication failures, it makes the system more subject to DoS attacks.
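
The interaction between enable, max-fail and unlock-time described above is easier to check against a small model. The following Python sketch is an added illustration, not Mellanox code and not part of the original manual; the class and method names are hypothetical. It assumes that the failure which brings the tally to max-fail triggers the lock and that unlock-time is measured from the last failed attempt, and it models lock-time only through the ordering rule.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    failures: int = 0          # consecutive authentication failures (the tally)
    locked: bool = False       # a recorded lockout
    last_failure: float = 0.0  # time of the most recent failed attempt

@dataclass
class LockoutModel:            # hypothetical name, constructed for this example
    enabled: bool = True                 # "enable"
    max_fail: Optional[int] = None       # "max-fail" (None = not set)
    unlock_time: Optional[int] = None    # "unlock-time" in seconds (None = not set)
    lock_time: Optional[int] = None      # "lock-time"; only its ordering rule is modeled
    accounts: dict = field(default_factory=dict)

    def validate(self) -> None:
        # Page rule: if both are set, unlock-time must be greater than lock-time.
        if self.unlock_time is not None and self.lock_time is not None:
            if self.unlock_time <= self.lock_time:
                raise ValueError("unlock-time must be greater than lock-time")

    def login(self, user: str, password_ok: bool, now: float) -> str:
        a = self.accounts.setdefault(user, Account())
        # unlock-time is evaluated on every attempt, so a change applies at once.
        # Assumption: the interval is measured from the last failed attempt.
        if a.locked and self.unlock_time is not None:
            if now - a.last_failure >= self.unlock_time:
                a.locked, a.failures = False, 0
        # A recorded lockout is enforced only while lockouts are enabled.
        if self.enabled and a.locked:
            return "locked"
        if password_ok:
            a.failures = 0     # the tally counts consecutive failures only
            return "ok"
        a.failures += 1        # tracking continues while lockouts are disabled
        a.last_failure = now
        # A lockout is recorded only after a failure, against the current max-fail.
        # Assumption: the failure that brings the tally to max-fail triggers it.
        if self.enabled and self.max_fail is not None and a.failures >= self.max_fail:
            a.locked = True
        return "denied"

    def manual_unlock(self, user: str) -> None:
        # Stand-in for the out-of-band reset the page describes for a locked admin.
        self.accounts[user] = Account()
```

With max-fail set and no unlock-time, a locked account in this model refuses even the correct password until manual_unlock is called, which is the admin lockout and DoS exposure the unlock-time note describes.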
Mellanox Technologies
Rev 1.6.2
137

This manual is also suitable for:

Sx1018hp
