Update doc (#2276)
This commit is contained in:
parent
525eab006d
commit
53534e066d
|
@ -20,6 +20,15 @@ Go in Manager, ``General Parameters`` » ``Advanced Parameters`` »
|
||||||
``Security`` » ``Brute-force attack protection`` » ``Activation``\ and
|
``Security`` » ``Brute-force attack protection`` » ``Activation``\ and
|
||||||
set to ``On``.
|
set to ``On``.
|
||||||
|
|
||||||
|
- **Parameters**:
|
||||||
|
|
||||||
|
- **Activation**: Enable/disable brute force attack protection
|
||||||
|
- **Lock time**: Waiting time before another login attempt
|
||||||
|
- **Allowed failed login**: Number of failed login attempts allowed before account is locked
|
||||||
|
- **Incremental lock**: Enable/disable incremental lock times
|
||||||
|
- **Incremental lock times**: List of comma separated lock time values in seconds
|
||||||
|
|
||||||
|
|
||||||
Incremental lock time enabled
|
Incremental lock time enabled
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
@ -35,33 +44,29 @@ in ``lemonldap-ng.ini`` [portal] section:
|
||||||
[portal]
|
[portal]
|
||||||
bruteForceProtectionIncrementalTempo = 1
|
bruteForceProtectionIncrementalTempo = 1
|
||||||
|
|
||||||
Lock time increases between each failed login attempt. To modify lock
|
Lock time increases between each failed login attempt after allowed failed logins.
|
||||||
time values ('5 15 60 300 600' seconds by default) or max lock time
|
|
||||||
value (900 seconds by default) edit ``lemonldap-ng.ini`` in [portal]
|
|
||||||
section:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
.. code-block:: ini
|
||||||
|
|
||||||
[portal]
|
[portal]
|
||||||
bruteForceProtectionLockTimes = '5 15 60 300 600'
|
bruteForceProtectionLockTimes = 5, 15, 60, 300, 600
|
||||||
bruteForceProtectionMaxLockTime = 900
|
bruteForceProtectionMaxLockTime = 900
|
||||||
|
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
Max lock time value is used by this plugin if a lock time is
|
Max lock time value is used if a lock time is missing
|
||||||
missing (number of failed logins higher than listed lock time values).
|
(number of failed logins higher than listed lock time values).
|
||||||
Lock time values can not be higher than max lock time.
|
Lock time values can not be higher than max lock time.
|
||||||
|
|
||||||
|
|
||||||
Incremental lock time disabled
|
Incremental lock time disabled
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
After ``bruteForceProtectionMaxFailed`` failed login attempts, user must
|
After allowed failed login attempts, user must
|
||||||
wait ``bruteForceProtectionTempo`` seconds before trying to log in
|
wait the lock time before trying to log in again.
|
||||||
again. To modify waiting time (30 seconds by default), MaxAge between
|
To modify delta (MaxAge) between current and last stored
|
||||||
current and last stored failed login (300 seconds by default) or number
|
failed login (300 seconds by default) edit ``lemonldap-ng.ini`` in [portal] section:
|
||||||
of allowed failed login attempts (3 by default) edit
|
|
||||||
``lemonldap-ng.ini`` in [portal] section:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
.. code-block:: ini
|
||||||
|
|
||||||
|
@ -72,7 +77,12 @@ of allowed failed login attempts (3 by default) edit
|
||||||
|
|
||||||
|
|
||||||
.. attention::
|
.. attention::
|
||||||
|
Number of failed login attempts history might be also higher than
|
||||||
|
number of incremental lock time value plus allowed failed login attempts.
|
||||||
|
Incremental lock time values list will be truncated if not.
|
||||||
|
|
||||||
|
|
||||||
|
.. danger::
|
||||||
Number of failed login attempts stored in history MUST
|
Number of failed login attempts stored in history MUST
|
||||||
be higher than allowed failed logins for this plugin takes effect.
|
be higher than allowed failed logins for this plugin takes effect.
|
||||||
See :doc:`History plugin<loginhistory>`
|
See :doc:`History plugin<loginhistory>`
|
Loading…
Reference in New Issue
Block a user