From 53534e066d3ad6002d34bf4870cbb54dd727ab6a Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 28 Aug 2020 11:54:04 +0200 Subject: [PATCH] Update doc (#2276) --- doc/sources/admin/bruteforceprotection.rst | 36 ++++++++++++++-------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/doc/sources/admin/bruteforceprotection.rst b/doc/sources/admin/bruteforceprotection.rst index ba33548b3..5e4288d47 100644 --- a/doc/sources/admin/bruteforceprotection.rst +++ b/doc/sources/admin/bruteforceprotection.rst @@ -20,6 +20,15 @@ Go in Manager, ``General Parameters`` » ``Advanced Parameters`` » ``Security`` » ``Brute-force attack protection`` » ``Activation``\ and set to ``On``. +- **Parameters**: + + - **Activation**: Enable/disable brute force attack protection + - **Lock time**: Waiting time before another login attempt + - **Allowed failed login**: Number of failed login attempts allowed before account is locked + - **Incremental lock**: Enable/disable incremental lock times + - **Incremental lock times**: List of comma separated lock time values in seconds + + Incremental lock time enabled ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -35,33 +44,29 @@ in ``lemonldap-ng.ini`` [portal] section: [portal] bruteForceProtectionIncrementalTempo = 1 -Lock time increases between each failed login attempt. To modify lock -time values ('5 15 60 300 600' seconds by default) or max lock time -value (900 seconds by default) edit ``lemonldap-ng.ini`` in [portal] -section: +Lock time increases between each failed login attempt after allowed failed logins. .. code-block:: ini [portal] - bruteForceProtectionLockTimes = '5 15 60 300 600' + bruteForceProtectionLockTimes = 5, 15, 60, 300, 600 bruteForceProtectionMaxLockTime = 900 .. note:: - Max lock time value is used by this plugin if a lock time is - missing (number of failed logins higher than listed lock time values). + Max lock time value is used if a lock time is missing + (number of failed logins higher than listed lock time values). Lock time values can not be higher than max lock time. + Incremental lock time disabled ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -After ``bruteForceProtectionMaxFailed`` failed login attempts, user must -wait ``bruteForceProtectionTempo`` seconds before trying to log in -again. To modify waiting time (30 seconds by default), MaxAge between -current and last stored failed login (300 seconds by default) or number -of allowed failed login attempts (3 by default) edit -``lemonldap-ng.ini`` in [portal] section: +After allowed failed login attempts, user must +wait the lock time before trying to log in again. +To modify delta (MaxAge) between current and last stored +failed login (300 seconds by default) edit ``lemonldap-ng.ini`` in [portal] section: .. code-block:: ini 
@@ -72,7 +77,12 @@ of allowed failed login attempts (3 by default) edit .. attention:: + Number of failed login attempts history might be also higher than + number of incremental lock time value plus allowed failed login attempts. + Incremental lock time values list will be truncated if not. + +.. danger:: Number of failed login attempts stored in history MUST be higher than allowed failed logins for this plugin takes effect. See :doc:`History plugin` \ No newline at end of file
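Review bot: the new "Lock time" entry in the Parameters list (first hunk, @@ -20,6 +20,15 @@) gives no unit, while "Incremental lock times" two lines below says "in seconds". Neither "Lock time" nor "Allowed failed login" states its default either, and the same patch removes the only place that did ("30 seconds by default", "3 by default") in the second hunk. Suggest writing the unit and default into each entry, for example "Lock time: Waiting time in seconds before another login attempt (30 by default)", so that an administrator can tell from this page what an untouched install enforces.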
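Review bot: the example value for bruteForceProtectionLockTimes in the second hunk (@@ -35,33 +44,29 @@) changes from the quoted, space-separated '5 15 60 300 600' to the unquoted, comma-separated 5, 15, 60, 300, 600, but the text never says whether the old form is still accepted. Anyone who copied the previous example needs to know whether their existing lemonldap-ng.ini still produces the intended lock times, so please add a sentence on that. In the same hunk, the rewritten "Incremental lock time disabled" paragraph drops the names bruteForceProtectionMaxFailed and bruteForceProtectionTempo, so a reader who configures through the ini file can no longer map "allowed failed login attempts" and "the lock time" to a key. Keeping the key names in parentheses would fix that. The added sentence "Lock time values can not be higher than max lock time" should also say what happens to a value that is higher.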
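Review bot: the added attention text in the third hunk (@@ -72,7 +77,12 @@) reads "might be also higher than", which states a possibility rather than a requirement, and the follow-up "will be truncated if not" leaves the reader to work out what "not" refers to. Since this sentence describes a condition under which the configured lock times are silently shortened, it should be unambiguous. Suggest something like "Number of failed login attempts stored in history should also be higher than the number of incremental lock time values plus allowed failed logins; otherwise the incremental lock time values list is truncated." In the danger block, "for this plugin takes effect" should read "for this plugin to take effect", and the file still ends without a trailing newline.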