dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update doc (#2276)

Browse Source
This commit is contained in:
Christophe Maudoux 2020-08-28 11:54:04 +02:00
parent 525eab006d
commit 53534e066d
1 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
doc/sources/admin/bruteforceprotection.rst
View File

@ -20,6 +20,15 @@ Go in Manager, ``General Parameters`` » ``Advanced Parameters`` »
``Security`` » ``Brute-force attack protection`` » ``Activation``\ and
set to ``On``.
- **Parameters**:
- **Activation**: Enable/disable brute force attack protection
- **Lock time**: Waiting time before another login attempt
- **Allowed failed login**: Number of failed login attempts allowed before account is locked
- **Incremental lock**: Enable/disable incremental lock times
- **Incremental lock times**: List of comma separated lock time values in seconds
Incremental lock time enabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -35,33 +44,29 @@ in ``lemonldap-ng.ini`` [portal] section:
[portal]
bruteForceProtectionIncrementalTempo = 1
Lock time increases between each failed login attempt. To modify lock
time values ('5 15 60 300 600' seconds by default) or max lock time
value (900 seconds by default) edit ``lemonldap-ng.ini`` in [portal]
section:
Lock time increases between each failed login attempt after allowed failed logins.
.. code-block:: ini
[portal]
bruteForceProtectionLockTimes = '5 15 60 300 600'
bruteForceProtectionLockTimes = 5, 15, 60, 300, 600
bruteForceProtectionMaxLockTime = 900
.. note::
Max lock time value is used by this plugin if a lock time is
missing (number of failed logins higher than listed lock time values).
Max lock time value is used if a lock time is missing
(number of failed logins higher than listed lock time values).
Lock time values can not be higher than max lock time.
Incremental lock time disabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After ``bruteForceProtectionMaxFailed`` failed login attempts, user must
wait ``bruteForceProtectionTempo`` seconds before trying to log in
again. To modify waiting time (30 seconds by default), MaxAge between
current and last stored failed login (300 seconds by default) or number
of allowed failed login attempts (3 by default) edit
``lemonldap-ng.ini`` in [portal] section:
After allowed failed login attempts, user must
wait the lock time before trying to log in again.
To modify delta (MaxAge) between current and last stored
failed login (300 seconds by default) edit ``lemonldap-ng.ini`` in [portal] section:
.. code-block:: ini
@ -72,7 +77,12 @@ of allowed failed login attempts (3 by default) edit
.. attention::
Number of failed login attempts history might be also higher than
number of incremental lock time value plus allowed failed login attempts.
Incremental lock time values list will be truncated if not.
.. danger::
Number of failed login attempts stored in history MUST
be higher than allowed failed logins for this plugin takes effect.
See :doc:`History plugin<loginhistory>`