Hi All, is there someone that can give me some tips to implement *temporary account lockout after 3 consecutive failed login attempts*?

It seems that authentication throttling is something really different. If I got it right, authentication throttling is used to temporarily inhibit successful authentication attempts after a failed one.

For example, with a configuration like

 * *failureThreshold*: 3
 * *failureRangeInSeconds*: 300

If a failed authentication attempt occurs, all the following attempts will fail (resulting in 423) for 100 seconds (300/3 -> *thresholdRate* 0.01).


As anticipated, I would like to lock out a user after 3 consecutive failed login attempts occurred within 60 seconds. Is it possible?

Thank you in advance for your help.

BR,

F.

--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm

Apache Syncope PMC
http://people.apache.org/~fmartelli/
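
The lockout policy asked about above (3 consecutive failures within 60 seconds), sketched as an added example that is not part of the original message and is not CAS code or configuration. The class, method and parameter names are hypothetical, and the 300-second lock duration is an assumption because the message does not give one.

```python
import time

class ConsecutiveFailureLockout:
    """Lock an account after max_failures consecutive failed logins inside window seconds."""

    def __init__(self, max_failures=3, window=60, lock_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures   # 3, from the message
        self.window = window               # 60 s, from the message
        self.lock_seconds = lock_seconds   # assumption: no lock duration is given
        self.clock = clock                 # injectable so the logic can be replayed
        self._failures = {}                # username -> timestamps of consecutive failures
        self._locked_until = {}            # username -> time at which the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:          # the temporary lock has expired
            del self._locked_until[user]
            return False
        return True

    def record(self, user, success):
        """Record one authentication result; return True if the account is locked."""
        if self.is_locked(user):
            return True                    # attempts during a lock are rejected, not counted
        if success:
            self._failures.pop(user, None) # a success breaks the consecutive run
            return False
        now = self.clock()
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._failures.pop(user, None)
            self._locked_until[user] = now + self.lock_seconds
            return True
        self._failures[user] = recent
        return False

def replay(events, **kwargs):
    """Replay constructed (time, user, success) events; return the lock state after each."""
    now = [0.0]
    policy = ConsecutiveFailureLockout(clock=lambda: now[0], **kwargs)
    states = []
    for t, user, success in events:
        now[0] = t
        states.append(policy.record(user, success))
    return states
```

Unlike a rate-based throttle, a single failure here never blocks the next attempt; only the third failure in an unbroken run inside the window does.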
