Note: This article is applicable only to the administrators of Symantec Encryption Management Server 3.4.1 Maintenance Pack 2 or later.
For enhanced security, administrators can configure Symantec Encryption Management Server to impose a maximum number of failed logon attempts to the server. Additionally, starting from the Symantec Encryption Management Server 3.4.1 Maintenance Pack 2 release, administrators can configure Symantec Encryption Management Server to display a CAPTCHA on the Login page after a certain number of failed logon attempts. This feature protects administrator accounts and Symantec Encryption Management Server against unauthorized access using the brute-force attack.
By default, CAPTCHA for failed logon attempts is enabled, and the number of failed logon attempts is set to three. For example, if repeated attempts are made to log on to the Symantec Encryption Management Server with incorrect passwords, a CAPTCHA is displayed automatically on the login screen after the third failed logon attempt. For every following attempt to log on, the displayed CAPTCHA letters must also be entered. Though the CAPTCHA is set to appear after three failed logon attempts by default, administrators can configure Symantec Encryption Management Server to modify the default values to meet their security requirements.
To configure CAPTCHA for failed logon attempts
Open the /etc/ovid/omf.propertiesfile in edit mode.
Set the value of the omf.admin.failed.attempts.before.captchaproperty to a number greater than zero. This value specifies the number of failed login attempts that must occur before the CAPTCHA is displayed.
Note: The default value of the omf.admin.failed.attempts.before.captchaproperty is set to 3. If the value of the omf.admin.failed.attempts.before.captcha propertyis set to 0 (zero), CAPTCHA is always displayed on the Login page.
Save the changes in the/etc/ovid/omf.propertiesfile.
(Optional) In a server cluster setup, run the following command to replicate the new settings on the other cluster members:
/usr/bin/pgprepctl file /etc/ovid/omf.properties
To apply the changes made, restart the Apache Tomcat service, run the following command on the server that you updated:
pgpsysconf --restart tomcat
Subscribing will provide email updates when this Article is updated. Login is required.