You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Ed...@swisscom.com on 2003/08/05 12:56:16 UTC
AW: Limited Login Attempts
Have a look at JetspeedSecurity.properties (Jetspeed 1.4b4).
I think the following entries (located in the file JetspeedSecurity.properties) are exactly what you are searching for ...
# 3 logon strikes per 300 seconds and your out
services.JetspeedSecurity.logon.strike.count=3
services.JetspeedSecurity.logon.strike.interval=300
# dont allow more than 10 over any time period
services.JetspeedSecurity.logon.strike.max=10
-----Ursprüngliche Nachricht-----
Von: D.S. Johnson [mailto:dspectra@insightbb.com]
Gesendet am: Dienstag, 5. August 2003 13:00
An: Jetspeed Users List
Betreff: Limited Login Attempts
I was looking for a configuration setting for limiting user login
attempts. How hard would it be to add this feature.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
Re: AW: Limited Login Attempts
Posted by "D.S. Johnson" <ds...@insightbb.com>.
Edmund.Mielach@swisscom.com wrote:
>Have a look at JetspeedSecurity.properties (Jetspeed 1.4b4).
>
>I think the following entries (located in the file JetspeedSecurity.properties) are exactly what you are searching for ...
>
># 3 logon strikes per 300 seconds and your out
>services.JetspeedSecurity.logon.strike.count=3
>services.JetspeedSecurity.logon.strike.interval=300
># dont allow more than 10 over any time period
>services.JetspeedSecurity.logon.strike.max=10
>
>-----Ursprüngliche Nachricht-----
>Von: D.S. Johnson [mailto:dspectra@insightbb.com]
>Gesendet am: Dienstag, 5. August 2003 13:00
>An: Jetspeed Users List
>Betreff: Limited Login Attempts
>
>I was looking for a configuration setting for limiting user login
>attempts. How hard would it be to add this feature.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>
>
>
>
I tried setting the following:
# Auto-Account-Disable Feature
services.JetspeedSecurity.logon.auto.disable=true
# 3 logon strikes per 300 seconds and your out
services.JetspeedSecurity.logon.strike.count=3
services.JetspeedSecurity.logon.strike.interval=300
# dont allow more than 10 over any time period
services.JetspeedSecurity.logon.strike.max=5
However it doesn't seem to work, I can still login after max number of
attempts.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
Re: AW: Limited Login Attempts
Posted by "D.S. Johnson" <ds...@insightbb.com>.
Edmund.Mielach@swisscom.com wrote:
>Have a look at JetspeedSecurity.properties (Jetspeed 1.4b4).
>
>I think the following entries (located in the file JetspeedSecurity.properties) are exactly what you are searching for ...
>
># 3 logon strikes per 300 seconds and your out
>services.JetspeedSecurity.logon.strike.count=3
>services.JetspeedSecurity.logon.strike.interval=300
># dont allow more than 10 over any time period
>services.JetspeedSecurity.logon.strike.max=10
>
>-----Ursprüngliche Nachricht-----
>Von: D.S. Johnson [mailto:dspectra@insightbb.com]
>Gesendet am: Dienstag, 5. August 2003 13:00
>An: Jetspeed Users List
>Betreff: Limited Login Attempts
>
>I was looking for a configuration setting for limiting user login
>attempts. How hard would it be to add this feature.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>
>
>
>
I tried setting the following:
# Auto-Account-Disable Feature
services.JetspeedSecurity.logon.auto.disable=true
# 3 logon strikes per 300 seconds and your out
services.JetspeedSecurity.logon.strike.count=3
services.JetspeedSecurity.logon.strike.interval=300
# dont allow more than 10 over any time period
services.JetspeedSecurity.logon.strike.max=5
However it doesn't seem to work, I can still login after max number of
attempts.