Password guessing is a common type of security attack. In this type of attack, a hacker attempts to log in to a computer using various combinations of usernames and passwords. WebLogic Server provides a set of attributes to protect passwords and user accounts in a security realm. Use this tab to set the attributes.

If a user lockout security event occurs on one node of a cluster, the other nodes in the cluster are notified of the event and the user account is locked on all nodes in the cluster. This features prevents a hacker from systematically breaking into all the nodes in a cluster.

Attribute Label	Description	Value Constraints
LockoutThreshold	The maximum number of consecutive invalid login attempts before account is locked out. When the number of invalid logins within a specified period of time is greater than LockoutThresholdvalue, the user is locked out. For example, with the default setting of 1, the user is locked out on the second consecutive invalid login. With a setting of 2 Attribute: LockoutThreshold	Minimum: 1 Default: 5 Readable: yes
LockoutDuration	The number of minutes that a user account is locked out. Attribute: LockoutDuration	Minimum: 0 Default: 30 Readable: yes
LockoutResetDuration	The number of minutes within which consecutive invalid login attempts cause the user account to be locked out. Attribute: LockoutResetDuration	Minimum: 1 Default: 5 Readable: yes
LockoutCacheSize	The number of invalid login records that the server places in a cache. The server creates one record for each invalid login. Attribute: LockoutCacheSize	Minimum: 0 Default: 5 Readable: yes
LockoutGCThreshold	The maximum number of invalid login records that the server keeps in memory. If the number of invalid login records is equal to or greater than this value, the server's garbage collection purges the records that have expired. A record expires when the user associated with the record has been locked out. The lower the number for this attribute, the more often the server uses its resources to collect garbage. Attribute: LockoutGCThreshold	Minimum: 0 Default: 400 Readable: yes

Attribute Label

Description

Value Constraints

LockoutThreshold

The maximum number of consecutive invalid login attempts before account is locked out. When the number of invalid logins within a specified period of time is greater than LockoutThresholdvalue, the user is locked out. For example, with the default setting of 1, the user is locked out on the second consecutive invalid login. With a setting of 2

Attribute: LockoutThreshold

Minimum: 1

Default: 5

Readable: yes

LockoutDuration

The number of minutes that a user account is locked out.

Attribute: LockoutDuration

Minimum: 0

Default: 30

Readable: yes

LockoutResetDuration

The number of minutes within which consecutive invalid login attempts cause the user account to be locked out.

Attribute: LockoutResetDuration

Minimum: 1

Default: 5

Readable: yes

LockoutCacheSize

The number of invalid login records that the server places in a cache. The server creates one record for each invalid login.

Attribute: LockoutCacheSize

Minimum: 0

Default: 5

Readable: yes

LockoutGCThreshold

The maximum number of invalid login records that the server keeps in memory. If the number of invalid login records is equal to or greater than this value, the server's garbage collection purges the records that have expired. A record expires when the user associated with the record has been locked out.

The lower the number for this attribute, the more often the server uses its resources to collect garbage.

Attribute: LockoutGCThreshold

Minimum: 0

Default: 400

Readable: yes