Configure the default behaviour in case of denying access after failed login attempts
This document (000021275) is provided subject to the disclaimer at the end of this document.
Situation
NeuVector’s default configuration allows a maximum of 5 failed login attempts and then locks your account for 60 minutes.
The error you will encounter if you match this configuration will be:
Temporarily blocked because of too many login failures
It is undoubtedly a great thing to counter possible Brute Force Attacks, but in the real world, it may be necessary to adjust these parameters. How can it be done?
Resolution
The modification can be done in 2 ways: from console or as-code.
CONSOLE
1. Settings > Users, API Keys & Roles > Authentication and Security Policies
2. Edit the parameters under Deny Access after Failed Login Attempts:
- Maximum Number of Failed Attempts Allowed
- Allowed Access Again after Time (Minutes)
AS-CODE during installation
Below is a snippet of the Helm Chart values with controller secret to adjust these parameters ->
...
controller:
secret:
enabled: true
data:
passwordprofileinitcfg.yaml:
always_reload: true
active_profile_name: default
pwd_profiles:
- name: default
...
enable_block_after_failed_login: <BOOLEAN_TRUE_OR_FALSE>
block_after_failed_login_count: <NUMBER>
block_minutes: <NUMBER>
...
References:- Helm Chart complete values.yaml file.
- InitConfig possible parameters.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021275
- Creation Date: 16-Nov-2023
- Modified Date:19-Dec-2023
-
- SUSE NeuVector
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
