auth.user.allowed-failures-period-length-seconds

Specifies the period over which failed login attempts are tracked.

Key: auth.user.allowed-failures-period-length-seconds
Type: Integer
Can be set in: global.cfg

Description

Set the period over which failed login attempts are tracked (see auth.user.allowed-failures-per-period) per username. If a user has exceeded the allowed failures within the period a delay defined by auth.user.delay-length-seconds) will be applied to subsequent authentication attempts to make brute force password guessing impractical.

Note that this value is read only when Funnelback’s web server is started. After modifying the value, the web server must be restarted for the change to take effect.

Default Value

Track authentication failures over a 5 minute period.

auth.user.allowed-failures-period-length-seconds=300

Examples

Track authentication failures over a 60 second period.

auth.user.allowed-failures-period-length-seconds=60

© 2015- Squiz Pty Ltd