You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/06/15 19:48:57 UTC

[Bug 59708] LockOutRealm Details

https://bz.apache.org/bugzilla/show_bug.cgi?id=59708

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.

To answer the question, the LockOutRealm currently treats any authentication
attempt during the lock out period as a failure. This does mean that once an
account is locked out, if the legitimate users attempts to login more
frequently that the lockout period that user is never going to regain access.

It does make sense to change this behaviour (and document it) so that valid
logins do not extend the lockout period. I'll take a look at a patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org