> What I actually want, is to allow 3 login attempts per interval of 30 > minutes.
That's a rate of 3/1800 logins/sec, which is what you have configured below. If you want a lockout to last 30 minutes after 3 failed attempts, it's not possible. The throttles enforce an instantaneous failure rate in seconds, so if the user lingers for a period of time whereby the next authentication causes the rate to be above the throttle threshold, authentication will succeed. You will have to study the test cases in the source for further information, but I can assure you that given the model above they work as expected. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
