Update doc (#2276)

Christophe Maudoux 2020-08-28 11:54:04 +02:00
parent 525eab006d
commit 53534e066d

@ -20,6 +20,15 @@ Go in Manager, ``General Parameters`` » ``Advanced Parameters`` »
``Security`` » ``Brute-force attack protection`` » ``Activation``\ and ``Security`` » ``Brute-force attack protection`` » ``Activation``\ and
set to ``On``. set to ``On``.
- **Parameters**:
- **Activation**: Enable/disable brute force attack protection
- **Lock time**: Waiting time before another login attempt
- **Allowed failed login**: Number of failed login attempts allowed before account is locked
- **Incremental lock**: Enable/disable incremental lock times
- **Incremental lock times**: List of comma separated lock time values in seconds
Incremental lock time enabled Incremental lock time enabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
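Review bot: in the added **Parameters** list, **Lock time** is described without a unit, while **Incremental lock times** says "in seconds", and none of the entries name the matching ``lemonldap-ng.ini`` key. Suggest writing "Waiting time in seconds before another login attempt" and putting the [portal] key beside each Manager label, so someone editing the file by hand can map this list to the settings shown further down the page.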
@ -35,33 +44,29 @@ in ``lemonldap-ng.ini`` [portal] section:
[portal] [portal]
bruteForceProtectionIncrementalTempo = 1 bruteForceProtectionIncrementalTempo = 1
Lock time increases between each failed login attempt. To modify lock Lock time increases between each failed login attempt after allowed failed logins.
time values ('5 15 60 300 600' seconds by default) or max lock time
value (900 seconds by default) edit ``lemonldap-ng.ini`` in [portal]
section:
.. code-block:: ini .. code-block:: ini
[portal] [portal]
bruteForceProtectionLockTimes = '5 15 60 300 600' bruteForceProtectionLockTimes = 5, 15, 60, 300, 600
bruteForceProtectionMaxLockTime = 900 bruteForceProtectionMaxLockTime = 900
.. note:: .. note::
Max lock time value is used by this plugin if a lock time is Max lock time value is used if a lock time is missing
missing (number of failed logins higher than listed lock time values). (number of failed logins higher than listed lock time values).
Lock time values can not be higher than max lock time. Lock time values can not be higher than max lock time.
Incremental lock time disabled Incremental lock time disabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After ``bruteForceProtectionMaxFailed`` failed login attempts, user must After allowed failed login attempts, user must
wait ``bruteForceProtectionTempo`` seconds before trying to log in wait the lock time before trying to log in again.
again. To modify waiting time (30 seconds by default), MaxAge between To modify delta (MaxAge) between current and last stored
current and last stored failed login (300 seconds by default) or number failed login (300 seconds by default) edit ``lemonldap-ng.ini`` in [portal] section:
of allowed failed login attempts (3 by default) edit
``lemonldap-ng.ini`` in [portal] section:
.. code-block:: ini .. code-block:: ini
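Review bot: the rewritten paragraphs in both sections drop details the removed lines carried, namely the defaults ('5 15 60 300 600' seconds, 30 seconds waiting time, 3 allowed failed logins) and the key names ``bruteForceProtectionMaxFailed`` and ``bruteForceProtectionTempo``. Since these values decide when an account gets locked, please keep the defaults and key names in the text, or state that they are documented elsewhere. The first ``ini`` block also loses its introducing sentence ("To modify lock time values ... edit ``lemonldap-ng.ini``"), and the example value changes from ``'5 15 60 300 600'`` to ``5, 15, 60, 300, 600`` without saying whether the old quoted, space separated form is still accepted; an upgrade remark would help administrators with an existing configuration.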
@ -72,7 +77,12 @@ of allowed failed login attempts (3 by default) edit
.. attention:: .. attention::
Number of failed login attempts history might be also higher than
number of incremental lock time value plus allowed failed login attempts.
Incremental lock time values list will be truncated if not.
.. danger::
Number of failed login attempts stored in history MUST Number of failed login attempts stored in history MUST
be higher than allowed failed logins for this plugin takes effect. be higher than allowed failed logins for this plugin takes effect.
See :doc:`History plugin<loginhistory>` See :doc:`History plugin<loginhistory>`
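Review bot: the added attention text says the history size "might be also higher than" the number of incremental lock time values plus allowed failed logins, which reads as a possibility, yet the next sentence states a consequence (the list is truncated) when it is not. Suggest wording it as a requirement, for example "should also be higher than the number of incremental lock time values plus allowed failed login attempts, otherwise the incremental lock time list is truncated", and naming the history setting that controls this number so the reader knows what to change.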