Are there any low-level settings in local Directory Service that can increase the blocking time after typing wrong password?

security password osx-server open-directory directory-utility

I find there's a global policy that can temporarily block/disable a user (only 1 minute) after authenticating with wrong passwords a few times.

But what I want to do is to increase that 1 minute to a longer time, or permanently disable that user. Is it possible?


Try using pwpolicy

pwpolicy -n /Local/Default -setpolicy "minutesUntilFailedLoginReset=3"

This will set the policy of a failed login for a local account to 3 mins between logins.

pwpolicy -n /Local/Default -setpolicy "maxFailedLoginAttempts=1"

This will set the maximum number of failed login attempts to just 1 (IMO this is way to restrictive to account for innocent typos)

Related

What Is The Relationship between "Users & Groups" and /etc/group?
Restoring recovered files from a partition
Found old viruses on a computer running macOS Sierra: what to do now?
Can't select Time Machine disk
2009 MacBook no longer boots after SSD upgrade
Using external USB hard drives via a USB hub connected to a MacBook Air
Why do iPhones sometimes forget battery usage by app (Settings > Battery)?
Does gatekeeper not check apps stored in /Applications/?
Corrupted USB flash drive, cannot initialise or mount
PDF reader on iOS with autosync
Textedit crashed and lost a previously saved file
MacOS Automator: Save new text file in current folder