Contents
1 Introduction
This document describes how to configure login failure delay for user authentication. The login failure delay value controls how long the delay is in seconds after an unsuccessful authentication until the next authentication attempt can be performed. There is also an operating system internal random variation in the delay to prevent systematic attack scenarios.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To change login failure delay in user management:
- Navigate to UserManagement Managed
Object (MO), for example:
>dn ManagedElement=1,SystemFunctions=1,SecM=1,UserManagement=1
- Enter Config mode:
(UserManagement=1)>configure
- Set the login failure delay as required, for example,
to 12 seconds:
(config-UserManagement=1)>loginFailureDelay=12
- Commit the setting:
(config-UserManagement=1)>commit
- Verify the loginFailureDelay:
(UserManagement=1)>show loginFailureDelay
The following is an example output:
loginFailureDelay=12
To remove login failure delay (new authentication attempt can be performed immediately after an unsuccessful authentication) in user management:
- Navigate to UserManagement MO,
for example:
>dn ManagedElement=1,SystemFunctions=1,SecM=1,UserManagement=1
- Enter Config mode:
(UserManagement=1)>configure
- Delete login failure delay:
(config-UserManagement=1)>no loginFailureDelay
- Commit the setting:
(config-UserManagement=1)>commit
- Verify the loginFailureDelay is deleted:
(UserManagement=1)>show loginFailureDelay
The following is an example output:
loginFailureDelay=[]