This documentation site is about the unstable (upcoming) Comentario version.
Switch to the stable version »
Max. failed login attempts
auth.login.local.maxAttempts
This dynamic configuration parameter configures how many times the user can try to login with a wrong password before getting locked out of Comentario.
Comentario keeps a counter of failed login attempts for each user.
- As soon as that counter exceeds the value specified for this setting (the default is
10
), the corresponding account will be locked. It will then require an intervention of a superuser to become unlocked. - If the setting’s value is
0
, no lockout will ever happen. This means the user is always allowed at least one retry. - The failed login attempt counter gets reset to zero as soon as the user has successfully logged in.
This mechanism is mostly intended to safeguard users against brute-force attacks on their passwords. In order to disable it, set the value to 0
.