Login Attempts Properties

As of KCM version 2.9.6, KCM can be configured to limit a user's ability to login after multiple consecutive failed login attempts. This blocks brute-force login attacks on KCM instances.

By default KCM will lock a user out of logging in for 5 minutes after 5 failed attempts

Use the following properties to change the login attempt settings



The number of invalid attempts before a user is locked out


The amount of time in seconds a user is locked out for after hitting the invalid attempts limit


The number of addresses that KCM will track to check for invalid attempts. Defaults to 10485760

Last updated