IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Edit your environment configuration settings > Tivoli Enterprise Portal Server configuration settings

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Control the number of logon attempts

You can specify the number of attempts a user can make to log into the Tivoli Enterprise Portal by setting the KFW_AUTHORIZATION_MAX_INVALID_LOGIN environment variable.


See the procedures in What to next at the end of this topic to disable a user from accessing the portal, regardless of the KFW_AUTHORIZATION_MAX_INVALID_LOGIN setting. Complete these steps to control the number of logon attempts to the portal server:


Procedure

  1. Open the Tivoli Enterprise Portal Server environment file for editing:

    • In Manage Tivoli Monitoring Services, right-click Tivoli Enterprise Portal Server and click Advanced → Edit ENV File .

    • Change to the install_dir/config directory and open cq.ini in a text editor.

  2. Locate KFW_AUTHORIZATION_MAX_INVALID_LOGIN=0 and specify a value between 0 and 15. The default value of 0 indicates that there is no limit to the number of failed attempts a user can make before they are locked out.

  3. Save and close the environment file.

  4. Click Yes when a message asks if you want to recycle the service; or click No if you prefer to have your changes take effect later by recycling the portal server.


Results

The next time a user attempts to log on to the portal server, the number of logon attempts will be restricted by the value you set KFW_AUTHORIZATION_MAX_INVALID_LOGIN to in the environment file.


What to do next

Security: Validate User

The invalid login setting is effective only when you have enabled security through the hub monitoring server.

You must also enable the Login Lockout feature by turning on the validation setting in the monitoring server configuration file: KDS_VALIDATE_EXT="Y".

The monitoring server configuration files are named hostname_ms_address.config and ms.ini, and are located in the install_dir/config/ directory.

Restoring user access

If a user is locked out, you have two options to restore their access to the Tivoli Enterprise Portal:

  • In the Tivoli Enterprise Portal , click Administer Users and select the user ID. In the Permissions tab, click User Administration and enable Logon Permitted.

  • On the computer where the Tivoli Enterprise Portal Server is installed, run this command line utility to enable or disable access:

    Change directory to install_dir\cnps\ and enter 

      KfwAuthorizationAccountClient.exe ENABLE|DISABLE 
  user_id

    For example, KfwAuthorizationAccountClient.exe disable guest01 locks out the guest01 user until you re-enable the user ID.

    Change directory to install_dir/bin and enter 

      ./itmcmd execute cq "KfwAuthorizationAccountClient
   enable|disable user_name"


Parent topic:

Tivoli Enterprise Portal Server configuration settings

+

Search Tips   |   Advanced Search