User Account Lockout

IP.com Disclosure Number: IPCOM000110701D
Original Publication Date: 1992-Dec-01
Included in the Prior Art Database: 2005-Mar-25
Document File: 1 page(s) / 49K

Publishing Venue

IBM

Related People

Herrick, TR: AUTHOR [+3]

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 80% of the total text.

      In the prior art, users attempting to log on to the network
through the logon program interface were given three tries before
being forced out of the dialog and returned to the command line.
However, users could immediately re-enter the logon dialog for
another three attempts.  For applications using the prior art
programming interface, there was no attempt restriction.  If, during
a logon attempt, the passwords were found to be different, the API
would block for ten seconds (a so-called intruder delay).  However,
since this was done per thread, a multi-threaded application
attempting to log on the same userid would not be significantly
inhibited by this delay.

      Network administrators require a method of locking out a user
account after repeated failed logon attempts.  The logon server
targeted by the request would use the values of two new Server
service parameters to configure when and if a user account should be
locked. These parameters would be:

      LogonAttempts - the number of logon attempts before the user
                      account is locked.
      LogonAlert    - yes/no: should an admin alert be issued if an
                      account is locked?

      Example:
      net start server /LogonAttempts:3 /LogonAlert:yes

      With these settings, three failed logon attempts for a userid
lock the account and issue an admin alert.

      The number of failed logon requests is already tracked, but not
utilized.  This information would be used to determine when to lock
the account...
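
The following sketch is an added example, not code from the disclosure: it models a server-side failure counter kept per account and shared by every thread, which is why it is not weakened by concurrency the way the per-thread intruder delay was. The class, method and sample names are hypothetical, and resetting the count on a successful logon is an assumption the text does not state.

```python
import hmac
import threading
from concurrent.futures import ThreadPoolExecutor


class LogonServer:
    """Toy logon server: one failure counter per account, shared by all threads."""

    def __init__(self, logon_attempts=3, logon_alert=True):
        self.logon_attempts = logon_attempts  # models /LogonAttempts:n
        self.logon_alert = logon_alert        # models /LogonAlert:yes|no
        self.alerts = []                      # stand-in for the admin alert channel
        self._accounts = {}                   # userid -> [password, failures, locked]
        self._mutex = threading.Lock()        # serialises counter updates

    def add_user(self, userid, password):
        # Plaintext only to keep the sketch short; real servers store hashes.
        self._accounts[userid] = [password, 0, False]

    def logon(self, userid, password):
        """Return 'ok', 'denied' or 'locked' for one logon request."""
        with self._mutex:
            acct = self._accounts.get(userid)
            if acct is None:
                return "denied"               # unknown userid: nothing to count
            if acct[2]:
                return "locked"               # locked: even the right password fails
            if hmac.compare_digest(acct[0].encode(), password.encode()):
                acct[1] = 0                   # assumption: success resets the count
                return "ok"
            acct[1] += 1
            if acct[1] >= self.logon_attempts:
                acct[2] = True
                if self.logon_alert:
                    self.alerts.append(f"account locked: {userid}")
            return "denied"


def parallel_logons(server, userid, passwords, workers=8):
    """Submit logon requests from many threads; return the outcome of each."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda pw: server.logon(userid, pw), passwords))


if __name__ == "__main__":
    srv = LogonServer(logon_attempts=3, logon_alert=True)
    srv.add_user("alice", "constructed-sample-password")
    results = parallel_logons(srv, "alice", [f"wrong-{i}" for i in range(20)])
    print(results.count("denied"), results.count("locked"), srv.alerts)
    print(srv.logon("alice", "constructed-sample-password"))  # locked out
```

However many threads submit requests, only LogonAttempts failures are evaluated against the password before the account stops accepting logons.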