V-38501: The system must disable accounts after excessive login failures within a 15-minute interval.
-----------------------------------------------------------------------------------------------------

Locking out user accounts after a number of incorrect attempts within a
specific period of time prevents direct password guessing attacks.

Details: `V-38501 in STIG Viewer`_.

.. _V-38501 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38501

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38501.rst