Login Attempts Properties

As of KCM version 2.9.6, KCM can be configured to limit a user's ability to login after multiple consecutive failed login attempts. This blocks brute-force login attacks on KCM instances.

By default KCM will lock a user out of logging in for 5 minutes after 5 failed attempts

Use the following properties to change the login attempt settings

Property

Description

ban-max-invalid-attempts

The number of invalid attempts before a user is locked out

ban-address-duration

The amount of time in seconds a user is locked out for after hitting the invalid attempts limit

ban-max-addresses

The number of addresses that KCM will track to check for invalid attempts. Defaults to 10485760

PreviousSQL Server Configuration Properties NextTroubleshooting

Last updated 2 years ago

Was this helpful?