Security Command Reference
Page 104 7705 SAR OS System Management Guide
Default count: 3
time minutes: 5
lockout minutes: 10
Parameters count — the number of unsuccessful login attempts allowed for the specified time. This is a
mandatory value that must be explicitly entered.
Values 1 to 64
time minutes — the period of time, in minutes, that a specified number of unsuccessful attempts can
be made before the user is locked out
Values 0 to 60
lockout minutes — the lockout period, in minutes, where the user is not allowed to log in. Values are
minutes.
Values 0 to 1440
When the user exceeds the attempted count times in the specified time, then that user is locked
out from any further login attempts for the configured time period.
authentication-order
Syntax authentication-order [method-1] [method-2] [method-3] [exit-on-reject]
no authentication-order
Context config>system>security>password
Description This command configures the sequence in which password authentication, authorization, and
accounting is attempted among RADIUS, TACACS+, and local passwords.
The order should be from the most preferred authentication method to the least preferred. The
presence of all methods in the command line does not guarantee that they are all operational.
Specifying options that are not available delays user authentication.
If all (operational) methods are attempted and no authentication for a particular login has been
granted, then an entry in the security log registers the failed attempt. Both the attempted login
identification and originating IP address are logged with a timestamp.
The no form of the command reverts to the default authentication sequence.
Default authentication-order radius tacplus local
Parameters method-1 — the first password authentication method to attempt
Default radius
Values radius, tacplus, local
method-2 — the second password authentication method to attempt
Default tacplus
Values radius, tacplus, local
To Next Page
Loading...
