archiva-users mailing list archives

From Marius Kruger <ama...@gmail.com>
Subject user locked after failed attempts
Date Fri, 25 Jun 2010 14:44:34 GMT
Hi,
After just 3 login attempts a user's account is locked by Archiva,
which is quite bad if a whole team including continuous integration
servers uses the same account.
(using the same account because I can't set up a security role which
includes several repositories and assign that role to a user)

I think you should just add an exponentially growing timeout after
each failed attempt per source IP
or at least make security options configurable from the frontend.

For our internal/firewalled Archiva this sort of thing is a bit of overkill.
I finally found out how to convince Archiva to be more lenient.
(http://amanica.blogspot.com/2010/03/how-to-make-archiva-less-paranoid-about.html)

I saw that you are considering a different security provider, but it
looks quite far off,
so I just thought I'd give you some feedback in the meantime.

-- 
<>< Marius ><>

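The per-source-IP exponential delay suggested in the message above, sketched as an added example; it is not part of the original post and not Archiva code. The class name, base delay, cap and addresses are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical throttle: delays retries per source IP instead of locking the shared account. */
public class LoginThrottle {
    private static final long BASE_DELAY_MS = 1_000;       // assumed: 1 s after the first failure
    private static final long MAX_DELAY_MS = 15 * 60_000;  // assumed cap: 15 min

    private static final class State {
        final int failures; final long blockedUntil;
        State(int failures, long blockedUntil) { this.failures = failures; this.blockedUntil = blockedUntil; }
    }

    private final Map<String, State> byIp = new ConcurrentHashMap<>();

    /** Milliseconds this IP must still wait before an attempt is evaluated; 0 if allowed now. */
    public long retryAfterMs(String ip, long now) {
        State s = byIp.get(ip);
        return s == null ? 0 : Math.max(0, s.blockedUntil - now);
    }

    /** Record a failed login: the delay doubles with each consecutive failure, up to the cap. */
    public long recordFailure(String ip, long now) {
        State s = byIp.merge(ip, new State(1, now + BASE_DELAY_MS), (old, ignored) -> {
            int n = old.failures + 1;
            int shift = Math.min(n - 1, 30);                // bound the shift so it cannot overflow
            long delay = Math.min(MAX_DELAY_MS, BASE_DELAY_MS << shift);
            return new State(n, now + delay);
        });
        return s.blockedUntil - now;
    }

    /** A successful login clears the history for that IP only; other sources are unaffected. */
    public void recordSuccess(String ip) { byIp.remove(ip); }

    public static void main(String[] args) {
        LoginThrottle t = new LoginThrottle();
        long now = 0;                                       // constructed clock for the demo
        String ci = "10.0.0.5", dev = "10.0.0.9";           // constructed addresses
        for (int i = 1; i <= 5; i++) {
            long wait = t.recordFailure(ci, now);
            System.out.printf("failure %d from %s -> wait %d ms%n", i, ci, wait);
            now += wait;                                    // next attempt arrives right after the delay
        }
        System.out.println(dev + " must wait " + t.retryAfterMs(dev, now) + " ms");
        t.recordSuccess(ci);
        System.out.println(ci + " after success: " + t.retryAfterMs(ci, now) + " ms");
    }
}
```

The login handler would reject an attempt without checking the password while `retryAfterMs` is non-zero. The map also needs expiry of idle entries in a long-running server, and clients behind one NAT or proxy address are throttled together.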