Configure login attempt limits

By default, Continuous Delivery (CD) limits the number of unsuccessful login attempts users can make within a certain timeframe. If the user exceeds the allowed number of unsuccessful login attempts within that timeframe, their account is temporarily locked. You can customize login attempt limits for your installation.

To configure login attempt settings, , edit the data/common.yaml file for the following settings:

• Max login attempts before lockout: The number of unsuccessful login attempts a user can make before the account is locked. The default is 10 attempts.

   max_login_attempts: <attempts>

• Time period (minutes) to look at for failed logins: The amount of time that must elapse before the failed login count resets. The default is 15 minutes.

   failed_login_attempt_period_mins: <minutes>

• Time period (minutes) to lock an account: How long user accounts are locked after exceeding the number of unsuccessful login attempts within the failed login timeframe. The default is 120 minutes.

   lockout_period_mins: <minutes>