Important This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Locking or unlocking users

A user gets locked automatically if the user tries to log in too many times with the incorrect password. If a user gets locked, either the system can unlock the user automatically after a configurable amount of time elapses, or an administrator or a user with the Unlock Users system right can unlock that user. Following events are logged in the event log whenever a user is locked or unlocked:

  • System event with warning level whenever a user is locked
  • System event with info level whenever a user is auto unlocked
  • User event with info level whenever a user is unlocked by other user

Note

  • If you are using RADIUS or TACACS/TACACS+ authentication, invalid users are also locked after the failed login attempts.
  • If an administrator gets locked, a user with the Unlock Users right can unlock the administrator. If no other user has this right, either administrator get unlocked automatically after a specific time period, or you need to restart the TrueSight Network Automation services. If these services are restarted, other users also get unlocked.

You can configure the number of allowed failed login attempts and the time after which a user gets unlocked automatically by using the following properties in the catalina.properties file. This file is located in the BCAN_HOME\tomcat\conf directory.

  • bna.lockOutRealm.failureCount: Indicates the maximum number of failed login attempts after which a user gets locked. Default value is 5.
  • bna.lockOutRealm.lockOutTime: Indicates the time (in seconds) after which a user gets unlocked automatically. Default value is 86400 (24 hours).

You can also configure the following cache settings in the catalina.properties file:

  • bna.lockOutRealm.cacheSize: Indicates the number of users to be kept in cache that got locked due to failed login attempts. Default value is 1000.
  • bna.lockOutRealm.cacheRemovalWarningTime: Indicates the time (in seconds) after which a warning message is logged if a locked user is removed from the cache because the cache is too big before it has been in the cache for at least this period of time. Default value is 3600 (1 hour).

To unlock a user

  1. Open the Users page by navigating to Admin > User Admin > Users.
    For each locked user, the User Name column shows a Lock icon Icon_Lock.png. The Actions column shows an Unlock icon Icon_Unlock.pngfor each locked user if the logged in user has the Unlock Users right.
    LockedUsers.png
  2. Click the Unlock icon to unlock the user.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*