Secure Global Desktop 4.31 Administration Guide > Users and authentication > Denying users access to Secure Global Desktop after failed login attempts

Denying users access to Secure Global Desktop after failed login attempts

By enabling a login failure handler, Administrators can deny users access to Secure Global Desktop after three failed login attempts. This additional security measure only works if users have ENS person objects.

To enable the login failure handler:

1. On the command line, type:
   tarantella config edit --tarantella-config-components-loginfailurehandler 1
2. Then type:
   tarantella config edit --tarantella-config-components-loginfailurefilter 1

Notes on enabling the login failure handler

• If you enable this functionality and a user does not have an ENS person object, they will still be able to log in to Secure Global Desktop.
• The number of login attempts is local to each Secure Global Desktop server and is not copied across the array. Only when the login limit is reached on a server, is the user denied access across the array. For example, a user could try to log in on each Secure Global Desktop server two times, but only when they fail for the third time on a server will they be denied access to the other members of the array.
• If a user is denied access, they are only denied access to Secure Global Desktop. They are not denied access to the host on which Secure Global Desktop is installed.
• When a user is denied access, Secure Global Desktop unchecks the May log in to Secure Global Desktop (--enabled false) checkbox for the user's person object in Object Manager. To give a user access again, you only need to re-check this check box (--enabled true).
• For security reasons, users are not given any indication that their account has been disabled. They see the same message as if they'd typed an incorrect password.

Can I change the number of login attempts users get?

Yes, the number of login attempts users get is configurable. To change the number of login attempts:

1. Log in to the primary Secure Global Desktop server.
2. Stop the primary Secure Global Desktop server. On the command line, type:
   tarantella stop.
3. Set the number of login attempts. On the command line, type:
   tarantella config edit --com.sco.tta.server.login.LoginFailureHandler.properties-attemptsallowed number.
4. Start the primary Secure Global Desktop server. On the command line, type:
   tarantella start.
5. Do a warm restart of all secondary Secure Global Desktop servers (tarantella restart --warm).

Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.