Local user lockdown for 6 Password try fails for 30 minutes

czhang1970
Level 1

27-05-2021

Request for Feature Enhancement (RFE) Summary:  
Use-case: Local user lockdown for 6 Password try fails for 30 minutes
Current/Experienced Behavior: No such OOBT feature 
Improved/Expected Behavior: Local user lockdown for 6 Password try fails for 30 minutes
Environment Details (AEM version/service pack, any other specifics if applicable): All AEM/AMS instances
Customer-name/Organization name: Canadiantire Corp
Screenshot (if applicable):  
Code package (if applicable):  
7 Comments

clatimier
Employee

15-06-2021

Hello @czhang1970

Thanks for proposing this enhancement.

Could you please elaborate on what would be the business case to have such a lock mechanism added in the product?

Status changed to: Needs Info

czhang1970
Level 1

15-06-2021

Canadian Tire has such a password policy for all systems, e.g. we have a VPN credential for each employee. If the wrong password is entered 3 times, we lock down this account for 30 minutes. This reduces the workload for the helpdesk to unlock the account and protects the password from being breached.

We would need the same functions provided by AEM for local accounts. The federated accounts are fine since the authentication will happen on the CTC side.

clatimier
Employee

24-06-2021

Hello @czhang1970

Thanks for the information provided.

Based on the information given, having such a process in place could represent a security risk, where accounts could be frozen using denial of service.

As you mention that federated accounts are fine, are you using AEM Cloud Service? In that case, the admin user password is generated during the environment creation, and having local users is not recommended, hence this should not be a problem here.

Status changed to: Needs Info
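The two positions in this thread (a hard lock after N failed passwords, and the concern that such a lock lets anyone freeze an account by feeding it wrong passwords) are easy to see in a small simulation. The following Python is an added example, not code from the thread, from Adobe or from AEM/Oak; it models a generic lockout policy with the thresholds the requester asked for (6 failures, 30-minute lock) and shows how keying the failure counter on the (account, source) pair changes who gets locked. The account names, IP addresses and timestamps are constructed for the scenario.

```python
"""Account lockout policy simulation (added example, not AEM code).

Models the policy requested in the thread: N failed logins within a window
lock the account for T minutes. The `per_source` switch shows the trade-off
raised in the reply: counting failures per account alone lets a single noisy
client lock the account for the legitimate user, while counting per
(account, source) confines the lock to the client that caused it.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Tuple


@dataclass
class LockoutPolicy:
    max_failures: int = 6                 # failures that trigger a lock
    failure_window: int = 30 * 60         # seconds over which failures count
    lockout_seconds: int = 30 * 60        # how long the lock lasts
    per_source: bool = False              # key failures on (account, source)?
    _failures: Dict[Tuple, Deque[float]] = field(default_factory=dict)
    _locked_until: Dict[Tuple, float] = field(default_factory=dict)

    def _key(self, account: str, source: str) -> Tuple:
        return (account, source) if self.per_source else (account,)

    def is_locked(self, account: str, source: str, now: float) -> bool:
        return now < self._locked_until.get(self._key(account, source), 0.0)

    def record_attempt(self, account: str, source: str,
                       password_ok: bool, now: float) -> str:
        """Apply the policy to one login attempt.

        Returns "locked" (attempt refused regardless of password),
        "ok" (accepted; failure history cleared) or "failed".
        """
        key = self._key(account, source)
        if self.is_locked(account, source, now):
            return "locked"
        if password_ok:
            self._failures.pop(key, None)
            return "ok"
        history = self._failures.setdefault(key, deque())
        history.append(now)
        # Drop failures older than the counting window.
        while history and now - history[0] > self.failure_window:
            history.popleft()
        if len(history) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_seconds
            history.clear()
            return "locked"
        return "failed"


def simulate(per_source: bool) -> Dict[str, str]:
    """Constructed scenario: one client sends six wrong passwords for a
    hypothetical local account; the legitimate user then logs in from
    elsewhere with the right password; the noisy client retries after the
    lock expires."""
    policy = LockoutPolicy(per_source=per_source)
    t0 = 1_000.0
    for i in range(6):
        policy.record_attempt("ctcadmin", "198.51.100.7", False, t0 + i)
    legit = policy.record_attempt("ctcadmin", "192.0.2.10", True, t0 + 10)
    after = policy.record_attempt("ctcadmin", "198.51.100.7", True,
                                  t0 + 10 + policy.lockout_seconds + 1)
    return {"legitimate_user": legit, "noisy_client_after_expiry": after}


if __name__ == "__main__":
    print("per-account lock:", simulate(per_source=False))
    print("per-source lock: ", simulate(per_source=True))
```

With `per_source=False` the legitimate user is refused for the full 30 minutes although the password is correct, which is exactly the freeze the reply warns about; with `per_source=True` only the client that produced the failures is locked. Per-source counting has its own caveat: it is weaker against guessing spread across many sources and depends on a trustworthy client address (not a shared proxy or NAT), so deployments that do implement lockout usually combine a per-source lock with a slower per-account throttle and alert on bursts of failures rather than relying on either rule alone.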

kautuk_sahni
Community Manager

10-08-2021

@czhang1970 Do you have more information to be shared?

czhang1970
Level 1

28-09-2021

Hi @kautuk_sahni

We still need to have several local accounts, e.g. ctcadmin besides the OOBT "admin" account, and impoteraccount for a service that pushes data to the authoring instance using basic authentication.

In this case, this lockout feature is required for security enhancement. Is this feature request feasible? If yes, when can we expect it to ship with a new SP?

Thanks

Charlie

czhang1970
Level 1

28-09-2021

Also, the authoring instances are protected by a FW and are not public facing, so we don't expect denial of service.

clatimier
Employee

19-10-2021

Hi @czhang1970

Unfortunately, as I mentioned in my previous comment, this request will not be considered by the engineering team due to the security concerns shared.

Status changed to: Declined