I was wondering if there is a build-in function to block an user from logging in for an hour after failing to provide a correct password several times in a row. If not, is this possible to build with a plug-in and could someone provide any directions on how to achieve this?
Thanks in forward!
Well, it depends on your backend directory type.
Internal directories have a Maximum Invalid Password Attempts option but as far as I know there is no way to automatically unlock users after a certain duration. You could actually build a plugin for this, or a simpler option would be to run a cron script every hour (you can use Crowd REST API for this)
LDAP directories usually provide the required feature. For instance in Red Hat Directory Server, you will need to configure an account lockout policy and set the lockout duration. Active Directory also has an account lockout duration parameter in its Account Lockout Settings.
I'm John Allspaw, co-founder of Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs