Changing the failmode parameter for multifactor authentication

Edit online

The failmode parameter determines how the system responds if a user logs into the system when multifactor authentication is enabled, but the authentication server is unavailable. Failmode setting can be managed by command-line interface (CLI).

Use the failmode parameter in the chauthmultifactorverify command to set one of the following values:

secure: When the authentication server is unavailable, specify this value to prevent any user with multifactor authentication enabled from accessing the system. When a user logs into the system, the login attempt fails.

insecure: When the authentication server is unavailable, specify this value to allow any user with multifactor authentication enabled to access the system. When a user logs into the system, the login attempt succeeds.

Enter the following command to prevent access to the system for users with multifactor authentication enabled:

chauthmultifactorverify -failmode secure

Enter the following command to allow access to the system for user with multifactor authentication enabled:

chauthmultifactorverify -failmode insecure