Does WAS reset userids which get locked out? - Websphere

This is a discussion on Does WAS reset userids which get locked out? - Websphere ; I am testing against a WAS server 6.1.0.17 running on Windows Server 2003 R2 where I run some simple web services. One of my tests sends a user name token with an incorrect password. I usually get an exception returned ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Does WAS reset userids which get locked out?

  1. Does WAS reset userids which get locked out?

    I am testing against a WAS server 6.1.0.17 running on Windows Server
    2003 R2 where I run some simple web services.

    One of my tests sends a user name token with an incorrect password.

    I usually get an exception returned containing

    com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC6510E:
    Failed to login: com.ibm.websphere.security.auth.WSLoginFailedExcep tion:
    Authentication failed for user user2 with the following error message
    Logon failure: unknown user name or bad password.
    844



    After a few executions of this test I get

    com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC6510E:
    Failed to login: com.ibm.websphere.security.auth.WSLoginFailedExcep tion:
    Authentication failed for user user2 with the following error message
    The referenced account is currently locked out and may not be logged on
    to.
    1531


    This second exception seems to suggest that the user is now locked out -
    perhaps due to too many failed attempts.
    I get this exception for any tests which run in the following half hour.

    However tests running after that half an hour get the original exception.

    This suggests that the user is getting automaically reset.

    Am I correct and if so who does the reset? Is it Windows or WAS ??


    Tony Glombek

  2. Re: Does WAS reset userids which get locked out?

    Tony Glombek wrote:
    > I am testing against a WAS server 6.1.0.17 running on Windows Server
    > 2003 R2 where I run some simple web services.
    >
    > One of my tests sends a user name token with an incorrect password.
    >
    > I usually get an exception returned containing
    >
    > com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC6510E:
    > Failed to login: com.ibm.websphere.security.auth.WSLoginFailedExcep tion:
    > Authentication failed for user user2 with the following error message
    > Logon failure: unknown user name or bad password.
    > 844

    >
    >
    > After a few executions of this test I get
    >
    > com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC6510E:
    > Failed to login: com.ibm.websphere.security.auth.WSLoginFailedExcep tion:
    > Authentication failed for user user2 with the following error message
    > The referenced account is currently locked out and may not be logged on
    > to.
    > 1531

    >
    > This second exception seems to suggest that the user is now locked out -
    > perhaps due to too many failed attempts.
    > I get this exception for any tests which run in the following half hour.
    >
    > However tests running after that half an hour get the original exception.
    >
    > This suggests that the user is getting automaically reset.
    >
    > Am I correct and if so who does the reset? Is it Windows or WAS ??
    >
    >
    > Tony Glombek


    It's Windows or whatever registry you are using. WAS doesn't store or
    lock out userids.

    Ken

  3. Re: Does WAS reset userids which get locked out?

    Ken Hygh wrote:
    >
    > It's Windows or whatever registry you are using. WAS doesn't store or
    > lock out userids.
    >
    > Ken


    Thanks .. found the place to configure the lockout in windows

    Tony

+ Reply to Thread