Editing a User Authentication Policy

You can edit a user account authentication policy, which consists of the user status, maximum login attempts, and the access window time within which a user must successfully log in. You can also add new access control.

To edit a user authentication policy, follow these steps:

  1. From the Junos Scope main window, click Setting > Users > Authentication Policy. The Authentication Policy dialog box appears.
    Image auth-policy-table.gif
  2. In the Authentication Policy dialog box, click the Edit link in the Action column for the user authentication information you want to edit. The Edit Authentication Policy dialog box appears.
    Image s001431.gif
  3. Edit the authentication policy settings that you want.

    In the Edit Authentication Policy dialog box, the User Name display field displays the name the user uses to log in to the Junos Scope software.

    You can modify the following information in the Edit Authentication Policy dialog box:

    • Status—The user account status: either UNLOCKED (the default) or LOCKED. If a user account status is UNLOCKED, the user can successfully log in to the Junos Scope software by providing a valid username and password. If the account status is LOCKED, the user is denied access to the Junos Scope software, even if the user provides a valid username and password, and is redirected to the “ The user account is currently locked. Please contact the system administrator.” message.
    • Maximum Login Attempts—The maximum number of consecutive failure login attempts allowed within the access window for a user. If a user reaches the maximum number of login attempts, the user status automatically becomes LOCKED. This field can have a value from 0 to 100. If the maximum login attempts is 0, the authentication policy for the user will not be active, the user account will be assumed to be UNLOCKED, and the normal login mechanism will be applied. For the Junos Scope administrator (the initially configured user), the user account is always UNLOCKED.
    • Access Window—The access window for a user account starts when the first login failure occurs for the user account and runs until one of the following occurs:
      • A user successfully logs in. The access window is then reset.
      • A user tries unsuccessfully to log in for the maximum login attempts. The user account is then LOCKED and the access window is reset.

      The Access Window field can have a minimum value of 0 (for example, all the field minute(s), hour(s), second(s) having a value of 0) and a maximum value of 24 hours for example, the hour(s) field can have a maximum value of 24, while the minute(s) and second(s) fields have a value of 0). The default value is 0. However, individually, the hour(s) field can have a value from 0 to 24, the minute(s) field can have a value of from 0 to 59, and the second(s) field can have a value from 0 to 59. If the Access Window field is 0, the authentication policy for the user account will not be active, and the normal login mechanism will always be applied.

      The timer for the access window starts when an invalid login attempt is made on a user account. If a user account is not locked and no further invalid login attempt is tried for that account, the timer for the access window is automatically reset either after a time period equal to the access window or if the user successfully logs in to Junos Scope within the access window period.

      If the authentication policy for a user account is set up with 3 maximum login attempts and a 1-hour access window, the clock for the access window starts at the first unsuccessful attempt when the user types an invalid password to login. If the user makes three unsuccessful attempts within 1 hour, then the user account will be LOCKED at the third unsuccessful attempt and will be redirected to the “ The user account is currently locked. Please see the system administrator.message. Any further attempts by the user to log in using the username, even with a valid password, will be denied.

  4. Click OK.