Open topic with navigation
To protect against brute force attacks on user accounts, you can configure HPE IDOL Server to lock user accounts when there are too many incorrect login attempts within a specified time period.
To set a maximum number of login attempts
Open the HPE IDOL Server configuration file in a text editor.
[User] section, or create one if it does not exist.
LoginMaxAttempts parameter to the maximum number of incorrect login attempts to allow in the time period.
LoginExpiryTime parameter to the time (in seconds) before the current number of login attempts resets. HPE IDOL Server locks the user account if there are too many incorrect login attempts within this time period. For example:
In this example, the user account locks if there are three incorrect login attempts within 60 seconds of each other.
To automatically unlock users, set the
LockRemovalDuration parameter to the length of time that the user remains locked. For example:
-1 to disable it.
Save and close the configuration file. Restart HPE IDOL Server for your changes to take effect.
Notify your users of your password and PIN policies.
Users must contact a system administrator to unlock their accounts, unless you configure the