Version 1 (modified by 13 years ago) (diff) | ,
---|
content
Cookbook: AccountManagerPlugin configuration
commented sample configurations for common and special use cases
We'll collect some useful configuration examples here to give hints on proper use of available options.
Basic configuration/Kickstart
Advanced configurations
Account Locking
- new feature, development code will be in
trunk
soon - available options (displayed with default values here):
login_attempt_max_count = 0 user_lock_time = 0 user_lock_max_time = 86400 user_lock_time_progression = 1
Hard Lock-up
login_attempt_max_count = 5 user_lock_time = 0
will have following effect:
- lock account after 5 successive failed login attempts
- no lock expiration, so release strictly requires administrator interaction
Fixed login delay
login_attempt_max_count = 3 user_lock_time = 30
will have following effect:
- lock account after 3 successive failed login attempts
- timed account locked release 30 seconds after last failed login attempt
- fixed delay time regardless of number of successive failed login attempts
Modestly progressing login delay
login_attempt_max_count = 2 user_lock_time = 15 user_lock_max_time = 0 user_lock_time_progression = 2
will have following effect:
- first account lock after 2 successive failed login attempts
- timed account locked release after a time, that depends on failed login attempt history like so:
Tab.: lock time progression (factor 2)
attempt count | delay time in seconds [1] |
0 | 0 |
1 | 1 s |
2 | 15 s |
3 | 30 s |
4 | 60 s |
5 | 2 min |
6 | 4 min |
7 | 8 min |
8 | 16 min |
9 | 32 min |
10 | 1h 4 min |
.. | .. |
18 | 1 d 12 h 25 min |
.. | .. |
26 | 1 a 23 d |
.. | .. |
[1] time after previous failed login attempt
Aggressively progressing, but limited login delay
login_attempt_max_count = 4 user_lock_time = 10 user_lock_max_time = 86400 user_lock_time_progression = 5
will have following effect:
- first account lock after 4 successive failed login attempts
- timed account locked release after a time, that depends on failed login attempt history and is limited to max. 24 hours like so:
Tab.: lock time progression (factor 2)
attempt count | delay time in seconds |
0 | 0 |
1 | 10 s |
2 | 25 s |
3 | 2 min 5 s |
4 | 10 min 25 s |
5 | 4 h 20 min |
6 | 21 h 42 min |
7 | 24 h [2] |
8 | 24 h |
9 | 24 h |
.. | .. |
[2] limit kicking in here and an any further attempt