| 1 | [[PageOutline(2-5,content)]] |
| 2 | |
| 3 | = Cookbook: AccountManagerPlugin configuration = |
| 4 | commented sample configurations for common and special use cases |
| 5 | |
| 6 | We'll collect some useful configuration examples here to give hints on proper use of available options. |
| 7 | |
| 8 | == Basic configuration/Kickstart == |
| 9 | |
| 10 | |
| 11 | == Advanced configurations == |
| 12 | === Account Locking === |
| 13 | * new feature, development code will be in `trunk` soon |
| 14 | * available options (displayed with default values here): |
| 15 | {{{ |
| 16 | login_attempt_max_count = 0 |
| 17 | user_lock_time = 0 |
| 18 | user_lock_max_time = 86400 |
| 19 | user_lock_time_progression = 1 |
| 20 | }}} |
| 21 | |
| 22 | ==== Hard Lock-up ==== |
| 23 | {{{ |
| 24 | login_attempt_max_count = 5 |
| 25 | user_lock_time = 0 |
| 26 | }}} |
| 27 | will have the following effect: |
| 28 | * lock account after 5 successive failed login attempts |
| 29 | * no lock expiration, so release strictly requires administrator interaction |
| 30 | |
| 31 | ==== Fixed login delay ==== |
| 32 | {{{ |
| 33 | login_attempt_max_count = 3 |
| 34 | user_lock_time = 30 |
| 35 | }}} |
| 36 | will have the following effect: |
| 37 | * lock account after 3 successive failed login attempts |
| 38 | * timed release of the account lock 30 seconds after the last failed login attempt |
| 39 | * fixed delay time regardless of the number of successive failed login attempts |
| 40 | |
| 41 | ==== Modestly progressing login delay ==== |
| 42 | {{{ |
| 43 | login_attempt_max_count = 2 |
| 44 | user_lock_time = 15 |
| 45 | user_lock_max_time = 0 |
| 46 | user_lock_time_progression = 2 |
| 47 | }}} |
| 48 | will have the following effect: |
| 49 | * first account lock after 2 successive failed login attempts |
| 50 | * timed release of the account lock after a time that depends on the failed login attempt history, like so: |
| 51 | |
| 52 | Tab.: lock time progression (factor 2) |
| 53 | ||attempt count ||delay time ^[1]^|| |
| 54 | ||0 ||0 || |
| 55 | ||1 ||1 s || |
| 56 | ||2 ||15 s || |
| 57 | ||3 ||30 s || |
| 58 | ||4 ||60 s || |
| 59 | ||5 ||2 min || |
| 60 | ||6 ||4 min || |
| 61 | ||7 ||8 min || |
| 62 | ||8 ||16 min || |
| 63 | ||9 ||32 min || |
| 64 | ||10 ||1h 4 min || |
| 65 | ||.. ||.. || |
| 66 | ||18 ||1 d 12 h 25 min|| |
| 67 | ||.. ||.. || |
| 68 | ||26 ||1 a 23 d || |
| 69 | ||.. ||.. || |
| 70 | ^[1]^ time after previous failed login attempt |
| 71 | |
| 72 | ==== Aggressively progressing, but limited login delay ==== |
| 73 | {{{ |
| 74 | login_attempt_max_count = 4 |
| 75 | user_lock_time = 10 |
| 76 | user_lock_max_time = 86400 |
| 77 | user_lock_time_progression = 5 |
| 78 | }}} |
| 79 | will have the following effect: |
| 80 | * first account lock after 4 successive failed login attempts |
| 81 | * timed release of the account lock after a time that depends on the failed login attempt history and is limited to max. 24 hours, like so: |
| 82 | |
| 83 | Tab.: lock time progression (factor 2) |
| 84 | ||attempt count ||delay time || |
| 85 | ||0 ||0 || |
| 86 | ||1 ||10 s || |
| 87 | ||2 ||25 s || |
| 88 | ||3 ||2 min 5 s || |
| 89 | ||4 ||10 min 25 s || |
| 90 | ||5 ||4 h 20 min || |
| 91 | ||6 ||21 h 42 min || |
| 92 | ||7 ||24 h ^[2]^|| |
| 93 | ||8 ||24 h || |
| 94 | ||9 ||24 h || |
| 95 | ||.. ||.. || |
| 96 | |
| 97 | ^[2]^ limit kicks in here and on any further attempt |
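
To compare how strongly each configuration above throttles repeated login failures, the following Python model is an added example, not AccountManagerPlugin code. It assumes the lock time is `user_lock_time * user_lock_time_progression ** (failures - login_attempt_max_count)`, capped by `user_lock_max_time` when that is non-zero, which matches rows 2 to 10 of the first progression table; `lock_seconds` and `attempts_within` are hypothetical names.

```python
import math

# Assumed model, not the plugin's own code. Option names and default values
# are the ones listed on this page; treating login_attempt_max_count = 0 as
# "locking disabled" is an assumption.
def lock_seconds(failures, login_attempt_max_count=0, user_lock_time=0,
                 user_lock_max_time=86400, user_lock_time_progression=1):
    """Lock duration after `failures` successive failed logins:
    0 = not locked, math.inf = no expiry (administrator must release)."""
    if login_attempt_max_count <= 0 or failures < login_attempt_max_count:
        return 0
    if user_lock_time <= 0:
        return math.inf
    over = failures - login_attempt_max_count
    t = user_lock_time * user_lock_time_progression ** over
    if user_lock_max_time > 0:          # 0 disables the cap
        t = min(t, user_lock_max_time)
    return t


def attempts_within(window, **options):
    """Upper bound on login attempts one account accepts in `window` seconds
    when every attempt fails and is retried the moment the lock expires."""
    if options.get("login_attempt_max_count", 0) <= 0:
        return math.inf                 # locking disabled: no throttling
    elapsed = failures = 0
    while elapsed <= window:
        failures += 1
        elapsed += lock_seconds(failures, **options)
    return failures


# The four cookbook configurations from this page.
HARD = dict(login_attempt_max_count=5, user_lock_time=0)
FIXED = dict(login_attempt_max_count=3, user_lock_time=30)
MODEST = dict(login_attempt_max_count=2, user_lock_time=15,
              user_lock_max_time=0, user_lock_time_progression=2)
AGGRESSIVE = dict(login_attempt_max_count=4, user_lock_time=10,
                  user_lock_max_time=86400, user_lock_time_progression=5)

if __name__ == "__main__":
    for name, cfg in [("hard", HARD), ("fixed", FIXED),
                      ("modest", MODEST), ("aggressive", AGGRESSIVE)]:
        print(name, "attempts accepted per day:", attempts_within(86400, **cfg))
```

Under this model the fixed 30-second delay still accepts 2883 attempts per day against one account, while the two progressive settings accept 14 and 10, and the hard lock-up accepts 5 in total.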