Add docs on automatic lockout on failed auth attempts.

2024-11-08 01:18:58 +00:00 · 2015-11-19 10:02:21 -07:00 · 2015-11-19 10:02:21 -07:00 · 67b5b9b8d2
commit 67b5b9b8d2
parent 8a3cea4d95
1 changed files with 21 additions and 0 deletions
--- a/salt/proxy/fx2.py
+++ b/salt/proxy/fx2.py
@ -69,6 +69,27 @@ should not need to restart the proxy minion--it should just pick up the
 third password in the list.  You can then change pillar at will to
 move that password to the front and retire the unused ones.

+Beware, many Dell CMC and iDRAC units are configured to lockout
+IP addresses or users after too many failed password attempts.  This can
+generate user panic in the form of "I no longer know what the password is!!!".
+To mitigate panic try the web interface from a different IP, or setup a
+emergency administrator user in the CMC before doing a wholesale
+password rotation.
+
+The automatic lockout can be disabled via Salt with the following:
+
+.. code-block:: bash
+
+    salt <cmc> chassis.cmd set_general cfgRacTuning cfgRacTuneIpBlkEnable 0
+
+and then verified with
+
+.. code-block:: bash
+
+    salt <cmc> chassis.cmd get_general cfgRacTuning cfgRacTuneIpBlkEnable
+
+
+
 salt-proxy
 ----------