auth.user.allowed-failures-per-period

Background

Set the allowed number of failed authentications per period (see auth.user.allowed-failures-period-length-seconds) per username. If a user has exceeded the allowed failures within the period, a delay (defined by auth.user.delay-length-seconds) will be applied to subsequent authentication attempts to make brute-force password guessing impractical.

Note that this value is read only when Funnelback’s web server is started. After modifying the value, the web server must be restarted for the change to take effect.

Setting the key

Set this configuration key in the server configuration.

Use the configuration key editor to add or edit the auth.user.allowed-failures-per-period key, and set the value. This can be set to any valid Integer value.

Default value

Permit the user ten login attempts before any warning is logged.

auth.user.allowed-failures-per-period=10

Examples

Permit the user five login attempts before any warning is logged.

auth.user.allowed-failures-per-period=5