wiki:CookBook/AccountManagerPluginConfiguration

Version 1 (modified by hasienda, 4 years ago) (diff)

initial content (just a stub)

Cookbook: AccountManagerPlugin configuration

commented sample configurations for common and special use cases

We'll collect some useful configuration examples here to give hints on proper use of available options.

Basic configuration/Kickstart

Advanced configurations

Account Locking

  • new feature, development code will be in trunk soon
  • available options (displayed with default values here):
    login_attempt_max_count = 0
    user_lock_time = 0
    user_lock_max_time = 86400
    user_lock_time_progression = 1
    

Hard Lock-up

login_attempt_max_count = 5
user_lock_time = 0

will have following effect:

  • lock account after 5 successive failed login attempts
  • no lock expiration, so release strictly requires administrator interaction

Fixed login delay

login_attempt_max_count = 3
user_lock_time = 30

will have following effect:

  • lock account after 3 successive failed login attempts
  • timed account locked release 30 seconds after last failed login attempt
  • fixed delay time regardless of number of successive failed login attempts

Modestly progressing login delay

login_attempt_max_count = 2
user_lock_time = 15
user_lock_max_time = 0
user_lock_time_progression = 2

will have following effect:

  • first account lock after 2 successive failed login attempts
  • timed account locked release after a time, that depends on failed login attempt history like so:

Tab.: lock time progression (factor 2)

attempt count delay time in seconds [1]
0 0
1 1 s
2 15 s
3 30 s
4 60 s
5 2 min
6 4 min
7 8 min
8 16 min
9 32 min
10 1h 4 min
.. ..
18 1 d 12 h 25 min
.. ..
26 1 a 23 d
.. ..

[1] time after previous failed login attempt

Aggressively progressing, but limited login delay

login_attempt_max_count = 4
user_lock_time = 10
user_lock_max_time = 86400
user_lock_time_progression = 5

will have following effect:

  • first account lock after 4 successive failed login attempts
  • timed account locked release after a time, that depends on failed login attempt history and is limited to max. 24 hours like so:

Tab.: lock time progression (factor 2)

attempt count delay time in seconds
0 0
1 10 s
2 25 s
3 2 min 5 s
4 10 min 25 s
5 4 h 20 min
6 21 h 42 min
7 24 h [2]
8 24 h
9 24 h
.. ..

[2] limit kicking in here and an any further attempt