Changes between Initial Version and Version 1 of CookBook/AccountManagerPluginConfiguration


Ignore:
Timestamp:
Nov 25, 2010, 11:33:52 PM (13 years ago)
Author:
Steffen Hoffmann
Comment:

initial content (just a stub)

Legend:

Unmodified
Added
Removed
Modified
  • CookBook/AccountManagerPluginConfiguration

    v1 v1  
     1[[PageOutline(2-5,content)]]
     2
     3= Cookbook: AccountManagerPlugin configuration =
     4commented sample configurations for common and special use cases
     5
     6We'll collect some useful configuration examples here to give hints on proper use of available options.
     7
     8== Basic configuration/Kickstart ==
     9
     10
     11== Advanced configurations ==
     12=== Account Locking ===
     13 * new feature, development code will be in `trunk` soon
     14 * available options (displayed with default values here):
     15{{{
     16login_attempt_max_count = 0
     17user_lock_time = 0
     18user_lock_max_time = 86400
     19user_lock_time_progression = 1
     20}}}
     21
     22==== Hard Lock-up ====
     23{{{
     24login_attempt_max_count = 5
     25user_lock_time = 0
     26}}}
     27will have following effect:
     28 * lock account after 5 successive failed login attempts
     29 * no lock expiration, so release strictly requires administrator interaction
     30
     31==== Fixed login delay ====
     32{{{
     33login_attempt_max_count = 3
     34user_lock_time = 30
     35}}}
     36will have following effect:
     37 * lock account after 3 successive failed login attempts
     38 * timed account locked release 30 seconds after last failed login attempt
     39 * fixed delay time regardless of number of successive failed login attempts
     40
     41==== Modestly progressing login delay ====
     42{{{
     43login_attempt_max_count = 2
     44user_lock_time = 15
     45user_lock_max_time = 0
     46user_lock_time_progression = 2
     47}}}
     48will have following effect:
     49 * first account lock after 2 successive failed login attempts
     50 * timed account locked release after a time, that depends on failed login attempt history like so:
     51
     52Tab.: lock time progression (factor 2)
     53||attempt count ||delay time in seconds ^[1]^||
     54||0 ||0
     55||1 ||1 s ||
     56||2 ||15 s ||
     57||3 ||30 s ||
     58||4 ||60 s ||
     59||5 ||2 min ||
     60||6 ||4 min ||
     61||7 ||8 min ||
     62||8 ||16 min ||
     63||9 ||32 min ||
     64||10 ||1h 4 min ||
     65||.. ||.. ||
     66||18 ||1 d 12 h 25 min||
     67||.. ||.. ||
     68||26 ||1 a 23 d ||
     69||.. ||.. ||
     70^[1]^ time after previous failed login attempt
     71
     72==== Aggressively progressing, but limited login delay ====
     73{{{
     74login_attempt_max_count = 4
     75user_lock_time = 10
     76user_lock_max_time = 86400
     77user_lock_time_progression = 5
     78}}}
     79will have following effect:
     80 * first account lock after 4 successive failed login attempts
     81 * timed account locked release after a time, that depends on failed login attempt history and is limited to max. 24 hours like so:
     82
     83Tab.: lock time progression (factor 2)
     84||attempt count ||delay time in seconds ||
     85||0 ||0 ||
     86||1 ||10 s ||
     87||2 ||25 s ||
     88||3 ||2 min 5 s ||
     89||4 ||10 min 25 s ||
     90||5 ||4 h 20 min ||
     91||6 ||21 h 42 min ||
     92||7 ||24 h ^[2]^||
     93||8 ||24 h ||
     94||9 ||24 h ||
     95||.. ||.. ||
     96
     97^[2]^ limit kicking in here and an any further attempt