This change addresses a long-standing issue in rST documentation imported from XML. That import process added backslash escapes in front of various characters. The three most common being '(', ')', and '_'. These instances are removed. Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: Id43a9337ffcd505ccbdf072d7b29afdb5d2c997e
2.0 KiB
Configure Horizon User Lockout on Failed Logins
For security, login to the Web administration interface can be disabled for a user after several consecutive failed attempts. You can configure how many failed attempts are allowed before the user is locked out, and how long the user must wait before the lockout is reset.
Caution
This procedure requires the Web service to be restarted, which causes all current user sessions to be lost. To avoid interrupting user sessions, perform this procedure during a scheduled maintenance period only.
By default, after five consecutive failed login attempts, a user must wait thirty minutes (1800 seconds) before attempting another login. During this period, all Web administration interface login attempts by the user are refused, including those using the correct password.
This behavior is controlled by the lockout_retries parameter and the
lockout_seconds service parameter. To review their current values, use
the system service-parameter-list
command.
You can change the duration of the lockout using the following command:
~(keystone_admin)]$ system service-parameter-modify identity security_compliance lockout_seconds=<duration>
where <duration>
is the time in seconds.
You can change the number of allowed retries before a lockout is imposed using the following command:
~(keystone_admin)]$ system service-parameter-modify identity security_compliance lockout_retries=<attempts>
where <attempts>
is the number of allowed
retries.
For the changes to take effect, you must apply them:
~(keystone_admin)]$ system service-parameter-apply identity
Allow about 30 seconds after applying the changes for the Web service to restart.