data-govt-nz / ckanext-security

A CKAN extension to hold various security improvements for CKAN
GNU Affero General Public License v3.0

Is it possible to disable the number of login_max_count? #74

Closed Team1-epat closed 4 months ago

Team1-epat commented 4 months ago

Hi,

I am currently using ckanext-security tag 4.1.1. May I check with you whether it is possible to disable the login_max_count and lock_timeout? Is it possible to not lock users out when they have entered the wrong credentials 10 times (the default value is 10)?

ckanext.security.lock_timeout = 900
ckanext.security.login_max_count = 10

markstuart commented 4 months ago

There is no config flag to disable the login throttle behaviour as such. You could set the login_max_count to an arbitrarily large number, but why would you want to? The lock is reset when they manage to log in successfully, so it shouldn't really ever be a problem for legitimate users. It should only be there to prevent malicious users from guessing users' passwords if they know their username/email address.
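
The behaviour described above (a per-user failure counter, a lock that expires after lock_timeout, and a reset on successful login), as an added illustrative model that is not ckanext-security's own code; the config keys and default values are the ones from this thread, and the class name, `clock` parameter and in-memory state dictionary are assumptions for the example.

```python
import time

# Config keys and default values as quoted in the issue above.
DEFAULT_CONFIG = {
    "ckanext.security.lock_timeout": 900,   # seconds a lock stays in force
    "ckanext.security.login_max_count": 10,  # failures allowed before locking
}


class LoginThrottle:
    """Hypothetical per-user failed-login counter with lockout.

    Models the semantics described in the thread, not the extension's real
    implementation. `clock` is injectable so lock expiry can be exercised
    without sleeping.
    """

    def __init__(self, config=DEFAULT_CONFIG, clock=time.time):
        self.lock_timeout = int(config["ckanext.security.lock_timeout"])
        self.max_count = int(config["ckanext.security.login_max_count"])
        self.clock = clock
        self._state = {}  # user -> (failed_count, timestamp_of_last_failure)

    def is_locked(self, user):
        count, last_failure = self._state.get(user, (0, 0.0))
        if count < self.max_count:
            return False
        # The lock lapses lock_timeout seconds after the last failed attempt.
        if self.clock() - last_failure >= self.lock_timeout:
            self._state.pop(user, None)
            return False
        return True

    def record_attempt(self, user, credentials_ok):
        """Return True only if the login is accepted.

        A locked user is refused even with correct credentials; a successful
        login clears the failure counter, as the thread states.
        """
        if self.is_locked(user):
            return False
        if credentials_ok:
            self._state.pop(user, None)
            return True
        count, _ = self._state.get(user, (0, 0.0))
        self._state[user] = (count + 1, self.clock())
        return False
```

Setting login_max_count to a very large value, as suggested above, simply means `is_locked` never returns True, which is the only way this model can be "disabled".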

Team1-epat commented 4 months ago

Hi @markstuart, I see, noted that there is no way to disable the login throttle. Please close this issue. Thank you so much!

ThrawnCA commented 4 months ago

It's still unclear why you want to disable it. What is your use case?

Team1-epat commented 4 months ago

> It's still unclear why you want to disable it. What is your use case?

Because I'm deploying ckan in an internal network, so lockout session might not be a necessary feature for me.

ThrawnCA commented 4 months ago

> Because I'm deploying ckan in an internal network, so lockout session might not be a necessary feature for me.

Two issues with that:

  • There can still be bad actors internally;
  • Even if it's unnecessary, is it really a problem to have it?

Team1-epat commented 4 months ago

Hi,

> Because I'm deploying ckan in an internal network, so lockout session might not be a necessary feature for me.
>
> Two issues with that:
>
>   • There can still be bad actors internally;
>   • Even if it's unnecessary, is it really a problem to have it?

Hi, I'm just checking with you whether there is such a configuration to disable the lockout feature. I did not mention that it is a problem. I'm mainly just checking if there is a configuration, that's all.