We have our authentication tied to AD using the LDAP strategy. Password complexity and lifetime is, as a result, handled by the requirements set by the AD Group Policy. But what about failed login attempts? If a user manages to type in their password incorrectly multiple times (or worse, someone tries to incorrectly guess a user's password multiple times), will it cause their account to become locked within Splunk (and possibly within the underlying OS too?)
If someone is locked out of their LDAP account then they are also locked out of Splunk. However, Splunk is unaware of that. I merely asks the LDAP server if the user is authenticated and if the server responds with "no" then they are not allowed in.
The 'admin' user still has access to Splunk, however, since it is a local account.
If your OS also uses LDAP then the same applies there as well.
--- If this reply helps you, an upvote would be appreciated.
But what if the user (or someone else) types in the user's id and then fails to enter the correct password multiple times. Will the account become locked out?
The specific situation here is that the authentication is tied to the client's AD. If the wrong password is typed in for a user on the Splunk login page multiple (let's say 10 times), will the account become locked either within Splunk, or within AD, or both, or neither?