openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0

Improve Default Admin Recovery Tooling #1617

Open andrewpmartinez opened 3 years ago

andrewpmartinez commented 3 years ago

Add CLI tooling to recover/reset default admin.

qrkourier commented 11 months ago

It feels dangerous to lock the default admin permanently. I assume the goal is to impede brute forcing the password, so a tarpit is sufficient to make brute forcing infeasible because the attempt rate is too slow for even a modest keyspace. How about five attempts and it's locked for 5 minutes?
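The five-attempts-then-five-minute lockout proposed above, as an added Go example that is not OpenZiti's own code and not its auth policy implementation: a per-identity limiter with an injectable clock, plus the bound on guess rate such a policy imposes. The names LockoutPolicy, Limiter and GuessBound are this example's own.

```go
package main

import "time"

// LockoutPolicy: after MaxFailures consecutive failures an identity is locked
// for LockFor, then its counter starts fresh (the proposal above: 5 and 5m).
type LockoutPolicy struct {
	MaxFailures int
	LockFor     time.Duration
}

// Limiter keeps per-identity failure counts and lock expiry. The clock is
// injectable so expiry can be exercised in tests without sleeping.
type Limiter struct {
	Policy      LockoutPolicy
	Now         func() time.Time
	failures    map[string]int
	lockedUntil map[string]time.Time
}

func NewLimiter(p LockoutPolicy, now func() time.Time) *Limiter {
	return &Limiter{p, now, map[string]int{}, map[string]time.Time{}}
}

// Allow reports whether an attempt for id may proceed. An expired lock
// clears the counter so the next window starts at zero.
func (l *Limiter) Allow(id string) bool {
	until, locked := l.lockedUntil[id]
	if !locked {
		return true
	}
	if l.Now().Before(until) {
		return false
	}
	l.Reset(id) // lock expired: drop the counter and the lock
	return true
}

// RecordFailure counts a failed attempt and locks at the threshold.
func (l *Limiter) RecordFailure(id string) {
	if l.failures[id]++; l.failures[id] >= l.Policy.MaxFailures {
		l.lockedUntil[id] = l.Now().Add(l.Policy.LockFor)
	}
}

// Reset clears the counter and any lock for id; call it after a valid login.
func (l *Limiter) Reset(id string) { delete(l.failures, id); delete(l.lockedUntil, id) }

// GuessBound: most guesses the policy permits in window d (MaxFailures per LockFor cycle).
func (p LockoutPolicy) GuessBound(d time.Duration) int { return int(d/p.LockFor) * p.MaxFailures }
```

With 5 attempts per 5-minute lock, GuessBound(24h) is 1440, which is why the tarpit makes even a small keyspace impractical to enumerate.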

andrewpmartinez commented 4 months ago

It feels dangerous to lock the default admin permanently. I assume the goal is to impede brute forcing the password, so a tarpit is sufficient to make brute forcing infeasible because the attempt rate is too slow for even a modest keyspace. How about five attempts and it's locked for 5 minutes?

I believe this can be configured through the auth policy feature.