Changes between Version 13 and Version 14 of AccountManagerPlugin/Modules


Ignore:
Timestamp:
Aug 27, 2011, 3:15:02 PM (13 years ago)
Author:
Steffen Hoffmann
Comment:

some more words of explanation on account lock behavior

Legend:

Unmodified
Added
Removed
Modified

  • AccountManagerPlugin/Modules

    v13 v14  
    140140appears in `acct_mgr-0.3`: adds login failure tracking and administrative account locking to protect against brute-force attacks on user passwords
    141141
     142Enabling the guard means, that even legitimated login attempts will get rejected as long as account lock conditions are met. So an account is not reachable for the user while under attack. An admin could still log in (to a different account), check the source(s) of the malicious login attempts and stop them by other means to help the user restore access to his/her account.
     143
    142144See some example configurations it the [wiki:CookBook/AccountManagerPluginConfiguration#AccountLocking cookbook page] and look at screenshot series below to get an idea, how this looks like and is meant to work.
    143145
    144146[[Image(acct_mgr_with_acct-guard_login-failure_v0.3.png)]][[BR]]
    145 Hitting account soft lock condition on login failure
     147Hitting account soft (temporary) lock condition on login failure
    146148
    147149[[Image(acct_mgr-admin_acct-details_v0.3.png)]][[BR]]