3.1 Changing the Default Login Disable Values

By default, an administrator’s account is disabled for 60 seconds after he or she unsuccessfully attempts to log in three times. You can change the number of login tries and the timeout length by editing a configuration file. The changes are only applied to the instance of ZENworks Control Center being run from the server where you open and modify the configuration file. To make the change applicable to all ZENworks Primary Servers, you must make the same change in each server’s copy of this file.

IMPORTANT:Login attempts per administrator account are maintained in the ZENworks database, and there is only one ZENworks database per Management Zone. Therefore, if a particular administrator unsuccessfully attempts to log in to one Primary Server, that administrator is locked out of all Primary Servers in the zone. The lockout period is determined by the configuration on the server where the login attempts failed.

To modify the login tries and timeout values:

  1. In a text editor, open the following file:

    Windows: installation_location\microfocus\zenworks\conf\datamodel\zdm.xml

    Linux: /etc/opt/microfocus/zenworks/datamodel/zdm.xml

  2. Add the following lines to the file:

    <entry key="allowedLoginAttempts">5</entry>
    <entry key="lockedOutTime">300</entry>

    The 5 in this example represents the number of retries before disabling login, and 300 represents the number of seconds (the default is 60 seconds, or 1 minute).

    Keep in mind that the longer the delay before allowing a re-login after the configured number of failures (such as 5), the longer your authorized administrators must wait to access ZENworks Control Center.

    IMPORTANT:If you enter 0 as the login attempts value, the lockout functionality is disabled, allowing unlimited attempts at logging in.

  3. Save the file, then restart the zenloader and zenserver services on the Primary Server to make the changes effective.

    For instructions on restarting the services, see Restarting the ZENworks Services in the ZENworks Primary Server and Satellite Reference.

Following are the two properties which can be configured in osp-configuration.properties:

The osp-configuration.properties is available in the following location:

  • On Windows: %ZENSERVER_HOME%\conf\security\osp

  • On Linux: /etc/opt/microfocus/zenworks/security/osp

Account Lockout: This properties can be added in osp-configuration.properties to control the delay between invalid logging attempt and OSP response time. i.e OSP adds a random delay between min and max values specified in milliseconds before it responds when there is invalid login attempt.

  • com.microfocus.zenworks.osp.security.max.delay=5000

  • com.microfocus.zenworks.osp.security.min.delay=100

Access Token and Refresh Token timeout: Following properties control the access token and refresh token timeout (in millisecond)

  • com.microfocus.zenworks.oauth.zcc.accessTokenTTL=86400

  • com.microfocus.zenworks.oauth.zcc.refreshTokenTTL=2592000