terminate-on-reauth-lockout
terminate-on-reauth-lockout = {yes|no}
Description
Specifies whether to remove the session cache entry of a user who reaches the max-login-failures policy limit during reauthentication.
Options
yes
    When the maximum number of failed login attempts (specified by the max-login-failures policy) is reached during reauthentication, the user is logged out and the user's session is removed.
no
    When the maximum number of failed login attempts (specified by the max-login-failures policy) is reached during reauthentication, the user is locked out as specified by the disable-time-interval setting, and notified of the lockout as specified by the late-lockout-notification setting. The user is not logged out and the initial login session is still valid. The user can still access other resources that are not protected by a reauthn POP.
Usage: Required.
Default value: yes
Example:
terminate-on-reauth-lockout = yes
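An added example, not taken from the product documentation: a Python check that reads configuration text, finds terminate-on-reauth-lockout in the [reauthentication] stanza only, and reports which of the two behaviours described under Options applies. It assumes a `[stanza]` / `key = value` layout with `#` comments; the function names, status labels and sample text are constructed for illustration.

```python
import re

STANZA = "reauthentication"          # stanza named on this page
KEY = "terminate-on-reauth-lockout"  # entry documented on this page

def read_values(text):
    """Collect every value assigned to KEY inside [reauthentication]."""
    current, values = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumed comment syntax
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip()
            continue
        name, sep, value = line.partition("=")
        # Ignore the same key name if it appears under any other stanza.
        if sep and current == STANZA and name.strip() == KEY:
            values.append(value.strip())
    return values

def audit(text):
    """Return (status, explanation) for the configured lockout behaviour."""
    values = read_values(text)
    if not values:
        return "missing", "required entry not found in [reauthentication]"
    if len(set(values)) > 1:
        return "conflict", f"entry set more than once with different values: {values}"
    if values[0] == "yes":
        return "terminate", "session cache entry is removed at reauthentication lockout"
    if values[0] == "no":
        return "keep-session", "user is locked out but the initial login session stays valid"
    return "invalid", f"value {values[0]!r} is not yes or no"

# Constructed sample input; [example-other] is a made-up stanza name.
SAMPLE = """
# constructed configuration fragment
[example-other]
terminate-on-reauth-lockout = yes

[reauthentication]
terminate-on-reauth-lockout = no
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "keep-session" result is the case to review: the lockout applies, but resources not protected by a reauthn POP remain reachable through the existing session.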
Parent topic: [reauthentication] stanza