Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Peter_Z's avatar
Peter_Z
Icon for Cirrus rankCirrus
15 years ago

How to set maximum failed logon attempts

Hello,     I didn't find a way how to modify default value for maximum failed logon attempts. I guess modifying config file is not the right way since v9.4.x.     Can you help how could I...
management
monitoring
Peter_Z's avatar
Peter_Z
Icon for Cirrus rankCirrus
15 years ago
We're using local authentication (no LDAP, TACACS...). The config is stored in local/system-auth (symbolic link exists: /etc/pam.d/system-auth) and looks like this:

 

 

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=BIG-IP minlen=7 dcredit=-1 ucredit=-0 lcredit=-1 ocredit=-0

 

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=8 min_days=1 max_days=60 warn_age=7

 

 

The highlighted values were changed from the GUI and saved by the system to this file (default values were different). I guess the retry option sets the failed logon attempts, but I did not figure out how to change it from GUI or via bigpipe command.