NF1.0 User Locking
Feature: User Locking
Goal: Security
Sponsor: Trek Global
Description:
This new feature allows to implement user locking on some events:
- Maximum account locking in minutes
- Maximum inactive period in days
- Maximum number of login attempts
- Maximum password age in days
These parameters are configured in "System Configurator" window
- USER_LOCKING_MAX_ACCOUNT_LOCK_MINUTES
- USER_LOCKING_MAX_INACTIVE_PERIOD_DAY
- USER_LOCKING_MAX_LOGIN_ATTEMPT
- USER_LOCKING_MAX_PASSWORD_AGE_DAY
Maximum Login Attempts
How to configure the system to lock the user account at the third failed attempt login:
1. In "System Configuration" window, find record "USER_LOCKING_MAX_LOGIN_ATTEMPT".
2. Set value for field "Configured Value".
* at the third failed attempt, the user account will be locked
3. Log out.
Login with another user, use password or user incorrect.
Try to log in for the fourth time and the system will ask you to contact your system administrator to unlock user's account.
Log in with "GardenAdmin". Use the "Reset Locked Account" process to unlock the user account.
* Now the user will be able to log in.
Maximum Password Age
How to configure the system to lock the user account using maximum password age in days:
1. In "System Configuration" window, find record "USER_LOCKING_MAX_PASSWORD_AGE_DAY".
2. Set value for field "Configured Value".
3. Log out.
Log in with another user. Where value of "Date Password Changed" is more than 30 days ago, in "User" window.
Will be directed to change password screen.
Maximum Inactive Period
How to configure the system to lock the user account using maximum inactive period in days:
1. In "System Configuration" window, find record "USER_LOCKING_MAX_INACTIVE_PERIOD_DAY".
2. Set value for field "Configured Value".
3. Log out.
Log in with another user. Where value of "Date Last Login" is more than 10 days ago, in "User" window.
* Remember to use the "Reset Locked Account" process to unlock the user account
Technical Info: IDEMPIERE-373
See also Warning on Password Expiration
