AIX has a security feature named unsuccessful_login_count (/etc/security/lastlog) . It is an user account feature that count the number of unsuccessful login attempts and it works conjunction with the user's loginretries (/etc/security/user) attribute.

So, if you configure the loginretries=5, the user will not be able to log in after 5 retries. To enable the login again, you should reset the unsuccessful_login_count parameter by editing the file /etc/security/lastlog or with the following command:

# chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s foobar

You can identify this problem by the following message in syslog:

May 19 15:42:41 aixbox auth|security:info sshd[7884888]: Login restricted for foobar: 3004-303 There have been too
many unsuccessful login attempts; please see \tthe system administrator.