Prevent a user from connecting after exceeding the maximum failed login
attempts.
Task
The system can be set to automatically lock an account if a user fails to enter
valid login credentials after a specified number of attempts. Once locked, the user
cannot connect, even if valid credentials are subsequently entered; the account remains
locked until it is manually unlocked. The MAX_FAILED_LOGIN_ATTEMPTS login policy option
controls the number of sequential failed attempts before the user account is locked. You
can set this value in a new or existing login policy, including the root login policy,
and it then applies to all users assigned the login policy.
Example
This example creates a new login policy named
lp, which
automatically locks a user account after five failed
attempts:
CREATE LOGIN POLICY lp max_failed_login_attempts=5
This example modifies an existing login policy named
exist_lp which
automatically locks a user. account after five failed
attempts:
ALTER LOGIN POLICY lp max_failed_login_attempts=5
This example assigns the login policy
lp to user
John:
ALTER USER John LOGIN POLICY lp
Once John is assigned the lp login policy, he
cannot log in if he enters invalid credentials five times in sequence.