I am not aware of an "out-of-the-box" solution, but there is always the possibility to write a custom login module.
So have a look at the source of the DatabaseServerLoginModule
: You could extend it to support a lockout.
- Add a flag in the database which indicates that the last verificatoin was not successful
- Count and store the number of subsequent login failures in the database for a given user ID
- Reset the counter and the flag, if there is a successful verification
- But if the counter reaches a limit, the password verification always returns false, and the flag/counter are not reset.
So you can configure the front end to have account lockout: You just declare it to use form-based authentication. But you have to add some pages to maintain the accounts which are locked (you already have this or need this anyway).