docs/doc/source/security/kubernetes/configure-horizon-user-lockout-on-failed-logins.rst
Keane Lim 3c5fa979a4 Security guide update
Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>
2021-03-12 15:10:40 -05:00

Configure Horizon User Lockout on Failed Logins

For security, login to the Web administration interface can be disabled for a user after several consecutive failed attempts. You can configure how many failed attempts are allowed before the user is locked out, and how long the user must wait before the lockout is reset.

Caution

This procedure requires the Web service to be restarted, which causes all current user sessions to be lost. To avoid interrupting user sessions, perform this procedure during a scheduled maintenance period only.

By default, after three consecutive failed login attempts, a user must wait five minutes (300 seconds) before attempting another login. During this period, all Web administration interface login attempts by the user are refused, including those using the correct password.

This behavior is controlled by the lockout_retries and lockout_seconds service parameters. To review their current values, use the system service-parameter-list command.
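
The following Python model of the lockout behavior described above is an added example, not Horizon's own code, and shows that a correct password is still refused until the lockout period ends. It assumes the lockout starts on the attempt that reaches lockout_retries consecutive failures, that a successful login resets the count, and that the count starts over when the lockout expires; the user name and timestamps are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Model of the behaviour described above; not Horizon's implementation."""
    lockout_retries: int = 3      # page default: three consecutive failures
    lockout_seconds: int = 300    # page default: five minutes
    _failures: dict = field(default_factory=dict)      # user -> consecutive failures
    _locked_until: dict = field(default_factory=dict)  # user -> unlock time (seconds)

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'failed' or 'locked' for one login attempt at time `now`."""
        until = self._locked_until.get(user)
        if until is not None:
            if now < until:
                # Refused without regard to the password, as the page states.
                return "locked"
            # Assumption: the failure count starts over once the lockout expires.
            del self._locked_until[user]
            self._failures[user] = 0
        if password_ok:
            # Assumption: a success ends the run of consecutive failures.
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= self.lockout_retries:
            # Assumption: the attempt that reaches the limit starts the lockout.
            self._locked_until[user] = now + self.lockout_seconds
        return "failed"


def replay(policy, events):
    """Run constructed (time, user, password_ok) events through the policy."""
    return [policy.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: times in seconds, user name is a placeholder.
SAMPLE = [
    (0, "alice", False), (5, "alice", False), (10, "alice", False),  # third failure locks
    (20, "alice", True),    # correct password, still refused
    (309, "alice", True),   # one second before the lockout ends
    (310, "alice", True),   # lockout over, login succeeds
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(LockoutPolicy(), SAMPLE)):
        print(event, "->", result)
```
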

You can change the duration of the lockout using the following CLI command:

~(keystone_admin)$ system service-parameter-modify horizon auth \
lockout_seconds=<duration>

where <duration> is the time in seconds.

You can change the number of allowed retries before a lockout is imposed using the following CLI command:

~(keystone_admin)$ system service-parameter-modify horizon auth \
lockout_retries=<attempts>

where <attempts> is the number of allowed retries.

For the changes to take effect, you must apply them:

~(keystone_admin)$ system service-parameter-apply horizon

Allow about 30 seconds after applying the changes for the Web service to restart.