You can use system settings to enforce lockout policies.
A lockout policy determines the conditions under which multiple failed login attempts will prevent a user from logging in. The condition is set as the maximum number of consecutive failed login attempts. A timer determines whether a set of logins are considered as consecutive attempts. They system can "forget" a failed login, based on the timer.
If there have been failed logins for a user account since the last successful login, a pop-up is displayed at the next successful login that shows the number of unsuccessful login attempts. The pop-up is shown only if the lockout condition has not been met.
When the lockout condition is met, a user enters a lockout state. The user may be required to do one of two things:
System settings determine the lockout policy:
See
.To reset a locked account, the root user uses the COMMAND_USER_RESET_LOCKOUT command.