This feature prevents users from logging in after 20 failed attempts. The user account is locked out for 30 minutes after the last failure login attempt. If the account has not been locked, the running count of failed login attempts is reset to 0 after a valid login.
The administrator controls this feature through the Avi Load Balancer CLI or REST API. The setting for it is maintained within the UserAccountProfile object. By default, all the users in the system are attached to Default-User-Account-Profile, as shown in the following example. If required, the admin can create a new user account profile with different thresholds.
This feature can be deactivated by setting the max_login_failure_count to zero.
admin:10-10-24-52]: > show useraccountprofile Default-User-Account-Profile +-------------------------------+---------------------------------------------------------+ | Field | Value | +-------------------------------+---------------------------------------------------------+ | uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 | | name | Default-User-Account-Profile | | max_password_history_count | 0 | | max_login_failure_count | 20 | | account_lock_timeout | 30 | | max_concurrent_sessions | 0 | | credentials_timeout_threshold | 0 | +-------------------------------+---------------------------------------------------------+
To change user account lockout attributes, use the following.
[admin:10-10-24-52]: > configure useraccountprofile Default-User-Account-Profile Updating an existing object. Currently, the object is: [admin:10-10-24-52]: useraccountprofile> max_login_failure_count 30 Overwriting the previously entered value for max_login_failure_count [admin:10-10-24-52]: useraccountprofile> account_lock_timeout 60 Overwriting the previously entered value for account_lock_timeout [admin:10-10-24-52]: useraccountprofile> save +-------------------------------+---------------------------------------------------------+ | Field | Value | +-------------------------------+---------------------------------------------------------+ | uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 | | name | Default-User-Account-Profile | | max_password_history_count | 0 | | max_login_failure_count | 30 | | account_lock_timeout | 60 | | max_concurrent_sessions | 0 | | credentials_timeout_threshold | 0 | +-------------------------------+---------------------------------------------------------+