Show Contents / Index / Search

Authentication Pane

Getting there

Note: The settings on this pane affect all user connections, regardless of the client authentication method used. You can configure additional authentication settings using the Password, Public Key, and GSSAPI / Kerberos V5 panes.

The options are:

Login grace time


Grace time for completion of authentication process (seconds)

Sets the number of seconds allowed for client authentication. If the client fails to authenticate the user within the specified number of seconds, the server disconnects and exits. Use zero (0) to set no limit.



Note: Specifying no limit (0) is not recommended. Unauthenticated connections use up system resources and can lead to a denial-of-service condition.

IP blocking

You can use the following settings to temporarily block connections from any client IP address that has exceeded a specified number of failed attempts. If a particular IP address exceeds the value set for Failed attempts, within the time period specified by Failure time-out, that IP address is blocked for the duration specified by Lockout duration.


  • You can lock out offending addresses permanently from the Client Host Access Control pane.
  • Temporary IP blocking information is stored in memory, and is cleared if the server is restarted.


Failed attempts

Sets a maximum number of failed login attempts permitted from an IP address for the time period specified by the Failure time-out setting. The default is 20.

This information is stored in memory and, if the server is restarted, the count resets to zero (0).


Failure time-out (seconds)

Sets a duration of time, in seconds, during which an IP address is monitored for failed login attempts. The default is 300 seconds (5 minutes).


Lockout duration (seconds)

Sets the number of seconds an IP address remains blocked after the value set for Failed attempts is exceeded. The default is 3600 seconds (one hour).

Related Topics

Client Host Access Control Pane

Client Authentication