1) Purpose:
CloudStack currently does not provide any check on the incorrect login attempts of users. A user can keep on trying to login to CloudStack without getting disabled.
2) Domains, Accounts and Users:
CloudStack has a tiered structure of Domains, Accounts and Users. A Domain can have multiple accounts and an account can have multiple Users.The first domain created by default is ROOT Domain. The ROOT Domain has a default account named admin.This is the ROOT admin.
For each account created in CloudStack there is also a corresponding User created. Hence the ROOT domain will also have a User called admin.
For more referAccounts, Domains, and Admin explained
3) Restricting Login Attempts:
Global setting incorrect.login.attempts.allowed has a default value of 5 which can be changed to any positive integer.
Except for ROOT admin User and System User, every User can be disabled when the incorrect login attempts equals incorrect.login.attempts.allowed.
4) Functionality:
5) Future Scope: