Locking or unlocking users

A user gets locked automatically if the user tries to log in too many times (default is 5 times) with the incorrect password. If a user gets locked, either the system can unlock the user automatically after a configurable amount of time elapses, or an administrator or a user with the Unlock Users system right can unlock that user. Following events are logged in the event log whenever a user is locked or unlocked:

  • System event with warning level whenever a user is locked
  • System event with info level whenever a user is auto unlocked
  • User event with info level whenever a user is unlocked by other user

Note

  • If you are using RADIUS or TACACS/TACACS+ authentication, invalid users are also locked after the failed login attempts.
  • If an administrator gets locked, a user with the Unlock Users right can unlock the administrator. If no other user has this right, either administrator get unlocked automatically after a specific time period, or you need to restart the TrueSight Network Automation services. If these services are restarted, other users also get unlocked.

You can configure the number of allowed failed login attempts and the time after which a user gets unlocked automatically by using the following properties in the catalina.properties file. This file is located in the BCAN_HOME\tomcat\conf directory.

  • bna.lockOutRealm.failureCount: Indicates the maximum number of failed login attempts after which a user gets locked. Default value is 5.
  • bna.lockOutRealm.lockOutTime: Indicates the time (in seconds) after which a user gets unlocked automatically. Default value is 86400 (24 hours).

You can also configure the following cache settings in the catalina.properties file:

  • bna.lockOutRealm.cacheSize: Indicates the number of users to be kept in cache that got locked due to failed login attempts. Default value is 1000.
  • bna.lockOutRealm.cacheRemovalWarningTime: Indicates the time (in seconds) after which a warning message is logged if a locked user is removed from the cache because the cache is too big before it has been in the cache for at least this period of time. Default value is 3600 (1 hour).

To unlock a user

The Admin > User Admin > Users page shows an Unlock icon Unlock.pngfor each locked user if the logged in user has the Unlock Users right. To unlock the user, click Unlock.

UsersListing.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*