Failed Login Policy Question
I'm trying to decide on the best settings for the Failed Login Policy (we've been running Zimbra for 3+ years and have yet to enable this!) and I have a question about functionality.
Let's say I configure the following settings:
Number of consecutive failed logins allowed: 5
Time to lockout the account: 1 hour
Time window in which the failed logins must occur to lock the account: 24 hours
If a user fails to log in 3 times, but is successful the 4th time, does this mean they will only have two more attempts within the 24 hour period, or does the 24 hour window "reset" with a successful login?
Thanks in advance for any help!