Login Attempts Properties
As of KCM version 2.9.6, KCM can be configured to limit a user's ability to login after multiple consecutive failed login attempts. This blocks brute-force login attacks on KCM instances.
By default KCM will lock a user out of logging in for 5 minutes after 5 failed attempts
Use the following properties to change the login attempt settings
Property | Description |
---|---|
ban-max-invalid-attempts | The number of invalid attempts before a user is locked out |
ban-address-duration | The amount of time in seconds a user is locked out for after hitting the invalid attempts limit |
ban-max-addresses | The number of addresses that KCM will track to check for invalid attempts. Defaults to 10485760 |
Last modified 1yr ago