Before you configure the VMware Aria Automation appliances account lockout policy for the local account, decide on certain policy settings.

Table 1. Default Account Lockout Policy for VMware Aria Automation

Setting

Default

Description

deny

3

Maximum number of authentication failures before the account is locked

unlock_time

600

Amount of time in seconds that the account remains locked

root_unlock_time

600

Amount of time in seconds that the root account remains locked

Procedure

  1. Log in to the primary VMware Aria Automation node by using a Secure Shell (SSH) client at <aria_automation_primary_node_fqdn>:22 as root.

  2. Back up the /etc/security/faillock.conf file for the appliance by running the following command.

    cp -p /etc/security/faillock.conf /etc/security/faillock.conf-`date +%F_%H:%M:%S`.back

  3. Configure the maximum number of failed log-in attempts by running the following command.

    sed -i 's/^\s*#*\s*deny\s*=\s*[0-9]\+/deny=<your_value>/g' /etc/security/faillock.conf

  4. Configure the unlock time for the root account by running the following command.

    sed -i 's/^\s*#*\s*root_unlock_time\s*=\s*[0-9]\+/root_unlock_time=<your_value>/g' /etc/security/faillock.conf

  5. Change the unlock time for all other local accounts by running the following command.

    sed -i 's/^\s*#*\s*unlock_time\s*=\s*[0-9]\+/unlock_time=<your_value>/g' /etc/security/faillock.conf

  6. Verify the configuration of the desired values by running the following command.

    cat /etc/security/faillock.conf

  7. Repeat the procedure for the remaining VMware Aria Automation appliances.