By default, the storage servers implement a policy where a system account is locked for 10 minutes after any single failed authentication attempt.
To change this threshold, perform this procedure.
# /opt/oracle.cellos/host_access_control pam-auth --status | grep lock_time=
To comply with U.S. Department of Defense security requirements, set the value to 4 seconds. If necessary, replace that value with one that is compliant with your local site policies.
# /opt/oracle.cellos/host_access_control pam-auth --lock 4