
This content is now out of date.


What happens when “Maximum Password Attempts” is exceeded?

Hi,

I would like to know what happens when “Maximum Password Attempts” is exceeded by a user.

Specifically, how can I “unlock” their account after this has happened?

Is there a way to see which accounts are locked via the Administration interface?

It would appear that they can log back in the next day and that it doesn’t result in their AD account being locked (we are running with LDAP authentication to AD)? Are they only locked out for a fixed time? And does this affect their AD account at all?

thanks

Robin

Hi Robin,

When you have exceeded the maximum login attempts, the user record in the database is flagged as password expired.

There is no way to see a list of locked accounts from the UI; you would need to look at the ‘IpClass’ table for any records that have ‘Password expired = true’.

You would also notice that the password attempts record is higher than specified under Admin > Configuration : Password attempts.

This should not affect the user’s AD record, and will only store this information against the Yellowfin DB. However, this should not reset the next day; once the account is locked, it should stay locked.

In order to reset the accounts, it is recommended that you use the ResetAdmin.jsp; please see the post below for more information:

Account has been locked – Reset using ResetAdmin.jsp

However, you could also reset the account by modifying the DB:

- Change the password expired record to FALSE
- Change the password attempts to 0

Please let me know how you go.

Regards,

David


Thanks David,

Robin

So just to be sure, the only method for resetting a user account is to reset the values in ‘IpClass’ table?

Hi,

When a user account has been locked, here are the preferred methods of resetting.

1. Log in as another user (who has admin rights) and reset the password via user management

2. Use the resetadmin.jsp if you have locked out your admin account (and you don’t have any other admin accounts that can log in and reset it)

3. Modify the record in the IpClass table ONLY if 1 & 2 fail.

And be sure to have a DB backup as a safety precaution.

Hope this clears it up.

Regards,

David

This is completely ridiculous. The lock status and unlock ought to be built into the administration screens.

Hi,

The lock/unlock status is technically on the admin screen, as you can ‘reset’ the user’s password which unlocks their account.

The reason a user account gets locked is because they enter an incorrect password multiple times. So it makes sense to actually reset the password and then let the user know of the new password.

Please let us know if you’re having issues with this.

Regards,

David