You use the Security Controls action in the Security Groups and Users application to enable or disable login tracking. Login tracking enhances security by limiting the number of incorrect passwords a user can enter when attempting to sign in. When you enable login tracking, the system logs all sign in attempts—successful and unsuccessful. You can specify the maximum number of unsuccessful sign in attempts. If a user exceeds the maximum number of unsuccessful attempts, the status of their user record is changed to BLOCKED. The user is prevented from logging in until an administrator uses the Change Status action to set their status back to ACTIVE.
After each successful sign in, the count for unsuccessful sign in attempts is reset to zero.
You must enable login tracking to control the number of login attempts allowed for a user. If you set the number of login attempts without enabling login tracking, the system does not lock out the user after the number of maximum number of login attempts.
If you implement electronic signatures, you must enable login tracking.
From the Select Action menu, select Security Controls.
In the Login Tracking section of the Security Controls dialog box, select the Enable Login Tracking? check box.
In the Login Attempts Allowed field, enter the number of times a user can incorrectly enter their user name or password before being blocked.
In the Password lasts this Number of Days field, enter the number of days a user password is valid. If you do not want passwords to expire, leave this field empty.
In the Days Before Password Expires to Warn User, enter the number of days before the user receives an expiration warning message.
In the Days Before Previously Used Password can be Reused, enter the number of days before a user can use a previously used password. If this value is 0, the system does not check for password reuse.
Click OK.
From the Select Action menu, select Security Controls.
In the Login Tracking section of the Security Controls dialog box, clear the Enable Login Tracking? check box.
Click OK.
Duration of password, in days. If you do not want passwords to expire, leave the Password Lasts this Number of Days field empty.
Advance warning of password expiration - To have the system notify users X days before password expiration, enter a value in the Days Before Password Expires to Warn User field.
Days before previously used password can be reused - If you do not want the system to check for password reuse, enter 0 in the Days Before Previously Used Password Can Be Used Again field.
Note: When you use an application server for authentication, the directory manages user creation. You can set properties to let user creation be performed directly in the system. The settings of these properties result in certain features being enabled or disabled in the system. See the IBM® Maximo® System Administrator Guide for additional information.