To configure the HCX Connector appliance account lockout policy for the local account, decide on certain policy settings.

Table 1. Default Account Lockout Policy for the HCX Connector Appliance

Setting

Default

Description
deny 3 Maximum number of authentication failures before the account is locked
unlock_time 60 Amount of time in seconds that the account remains locked
root_unlock_time 300 Amount of time in seconds that the root account remains locked

Procedure

  1. Activate Secure Shell (SSH) on the HCX Connector appliance.

    1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 with a user account assigned the Admin role

    2. On the main navigation bar, click Appliance Summary.

    3. On the Appliance Summary page, under System Level Services, start the SSH Service.

  2. Log in to the HCX Connector at <hcx_connector_fqdn>:22 as admin by using a Secure Shell (SSH) client.
  3. Switch to the root user by running the command.
    su -
  4. Back up the /etc/pam.d/system-password file by running the following command.
    cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth-`date +%F_%H:%M:%S`.back
  5. Change the maximum number of failed attempts by running the following command.
    sed -i -E 's/deny=[-]?[0-9]+/deny=<your_value>/g' /etc/pam.d/system-auth
  6. Change the unlock time for the root account by running the following command.
    sed -i -E 's/root_unlock_time=[-]?[0-9]+/root_unlock_time=<your_value>/g' /etc/pam.d/system-auth
  7. Change the unlock time for all other accounts by running the following command.
    sed -i -E 's/ unlock_time=[-]?[0-9]+/unlock_time=<your_value>/g' /etc/pam.d/system-auth
  8. Verify the configuration of the desired values by running the following command.
    cat /etc/pam.d/system-auth

  9. Deactivate SSH on the HCX Connector appliance.

    1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 again.
    2. Stop the SSH Service.