Update doc (#2276)
This commit is contained in:
parent
525eab006d
commit
53534e066d
|
@ -20,6 +20,15 @@ Go in Manager, ``General Parameters`` » ``Advanced Parameters`` »
|
|||
``Security`` » ``Brute-force attack protection`` » ``Activation``\ and
|
||||
set to ``On``.
|
||||
|
||||
- **Parameters**:
|
||||
|
||||
- **Activation**: Enable/disable brute force attack protection
|
||||
- **Lock time**: Waiting time before another login attempt
|
||||
- **Allowed failed login**: Number of failed login attempts allowed before account is locked
|
||||
- **Incremental lock**: Enable/disable incremental lock times
|
||||
- **Incremental lock times**: List of comma separated lock time values in seconds
|
||||
|
||||
|
||||
Incremental lock time enabled
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
@ -35,33 +44,29 @@ in ``lemonldap-ng.ini`` [portal] section:
|
|||
[portal]
|
||||
bruteForceProtectionIncrementalTempo = 1
|
||||
|
||||
Lock time increases between each failed login attempt. To modify lock
|
||||
time values ('5 15 60 300 600' seconds by default) or max lock time
|
||||
value (900 seconds by default) edit ``lemonldap-ng.ini`` in [portal]
|
||||
section:
|
||||
Lock time increases between each failed login attempt after allowed failed logins.
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[portal]
|
||||
bruteForceProtectionLockTimes = '5 15 60 300 600'
|
||||
bruteForceProtectionLockTimes = 5, 15, 60, 300, 600
|
||||
bruteForceProtectionMaxLockTime = 900
|
||||
|
||||
|
||||
.. note::
|
||||
|
||||
Max lock time value is used by this plugin if a lock time is
|
||||
missing (number of failed logins higher than listed lock time values).
|
||||
Max lock time value is used if a lock time is missing
|
||||
(number of failed logins higher than listed lock time values).
|
||||
Lock time values can not be higher than max lock time.
|
||||
|
||||
|
||||
Incremental lock time disabled
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
After ``bruteForceProtectionMaxFailed`` failed login attempts, user must
|
||||
wait ``bruteForceProtectionTempo`` seconds before trying to log in
|
||||
again. To modify waiting time (30 seconds by default), MaxAge between
|
||||
current and last stored failed login (300 seconds by default) or number
|
||||
of allowed failed login attempts (3 by default) edit
|
||||
``lemonldap-ng.ini`` in [portal] section:
|
||||
After allowed failed login attempts, user must
|
||||
wait the lock time before trying to log in again.
|
||||
To modify delta (MaxAge) between current and last stored
|
||||
failed login (300 seconds by default) edit ``lemonldap-ng.ini`` in [portal] section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
|
@ -72,7 +77,12 @@ of allowed failed login attempts (3 by default) edit
|
|||
|
||||
|
||||
.. attention::
|
||||
Number of failed login attempts history might be also higher than
|
||||
number of incremental lock time value plus allowed failed login attempts.
|
||||
Incremental lock time values list will be truncated if not.
|
||||
|
||||
|
||||
.. danger::
|
||||
Number of failed login attempts stored in history MUST
|
||||
be higher than allowed failed logins for this plugin takes effect.
|
||||
See :doc:`History plugin<loginhistory>`
|
Loading…
Reference in New Issue
Block a user