Closed Team1-epat closed 4 months ago
There is no config flag to disable the login throttle behaviour as such. You could set the login_max_count to an arbitrarily large number, but why would you want to? The lock is reset when they manage to log in successfully, so it shouldn't really ever be a problem for legitimate users. It should only be there to prevent malicious users from guessing users passwords if they know their username/email address.
Hi @markstuart, I see, noted that there is no way to disable the login throttle. Please close this issue. Thank you so much!
It's still unclear why you want to disable it. What is your use case?
It's still unclear why you want to disable it. What is your use case?
Because I'm deploying ckan in a internal network, so lockout session might not be a necessary feature for me.
Because I'm deploying ckan in a internal network, so lockout session might not be a necessary feature for me.
Two issues with that:
Hi,
Because I'm deploying ckan in a internal network, so lockout session might not be a necessary feature for me.
Two issues with that:
- There can still be bad actors internally;
- Even if it's unnecessary, is it really a problem to have it?
Hi, I'm just checking with you whether is there such a configuration to disable the lockout feature. I did not mentioned that it is a problem. I'm just mainly checking if there is a configuration, that's all.
Hi,
I am currently using ckanext-security tag 4.1.1, may I check with you whether is it possible to disable the login_max_count and lock_timeout? Is it possible to not lock the users when they entered the wrong credentials for 10 times (default value is 10 times)?