TIC Commands 445
User Guidelines
Relevant to local user passwords, line passwords, and enable passwords.
For tracking purposes, passwords are not deleted from the history database after becoming ’irrelevant’. A
period of time that the password cannot be changed (according to the history table) must be configured.
By increasing a password ’s relevance for tracking purposes by a number of days, it may cause the
irrelevant password to be relevant again.
Example
The following example configures the number of days that a password is relevant for tracking its
password history to 120.
passwords lockout
The passwords lockout Global Configuration mode command sets the number of failed login attempts
before a user account is locked. Use the no form of this command to remove this condition.
Syntax
•
passwords lockout
number
• no passwords lockout
•
number —
Number of failed login attempts before the user account is locked. (Range: 1 - 5)
Default Configuration
No locked user account due to failed login attempts.
Command Mode
Global Configuration mode.
User Guidelines
• Relevant to local user passwords, line passwords, and enable passwords.
• The user account can still access the local console.
• A different administrator, with privilege level 15, can release a locked account by using the
set
username active
command.
Example
The following example configures the number of failed login attempts before a user account is locked to 3.
Console(config)# passwords history hold-time 120
Console(config)# passwords lockout 3
book.book Page 445 Thursday, December 18, 2008 7:40 PM