Hello,
I'm trying to find where to set (or at least verify the default setting) for the number of password attempts for Peer users and SolidCP login account users before the account gets locked out.
In WebsitePanel, this was located in Policies > WebsitePanel Policy. SolidCP has an equivalent setting area, but the setting itself is not there.
Any idea where this setting is located?
In SolidCP, the setting for the number of password attempts before a user account gets locked out can typically be found in the administration settings, but it may not be directly visible in the same way as it was in WebsitePanel.
To check or set this configuration:
- Log into the SolidCP Admin Panel.
- Navigate to the "Settings" section. This is usually found in the left sidebar.
- Look for "Security" or "User Policies." This area often contains settings related to password policies and lockout settings.
- Check for "Account Lockout" policies. You might find options related to maximum failed login attempts and lockout duration.
There is a "System Settings" section in the left hand navigation, but no User or Security options within it. I did poke around the web UI quite a bit before making this post, as well as in the application files and within the SolidCP database.
I also checked the "Policies" option under "Settings". This is the on the bottom right side of the administrator's Home screen in my case.
There is a "SolidCP Policies" section within "Settings". There are options there for setting password complexity and age, but nothing regarding lockout settings.
Under "Hosted Organization Policies", there are similar settings for password complexity and age, but there's an additional checkbox to enable "Password Lockout" settings, with options to configure exactly what I'm looking for. However, it's my understanding this would apply to AD users within the hosted organizations managed by SolidCP, not SolidCP administrator or peer accounts. I'm looking for exactly those settings, but ones that would apply to the accounts within SolidCP itself rather than the accounts of the servers/services it manages.
