[DOCU-148] Account lockout after failed attempts Created: 20/Apr/11  Updated: 27/May/11  Resolved: 27/May/11

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Antti Hietala Assignee: Antti Hietala
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File enabled-checkbox-smoot-illustration.png    
Issue Links:
causality
caused by MAGNOLIA-3557 Implement automatic account lockout a... Closed
relation
is related to MAGNOLIA-3671 User locked under heavy load. Closed

 Description   

MAGNOLIA-3557 is a new security feature that locks an account out after a number of failed login attempts. This feature is available starting with Magnolia 4.4.3 and needs to be documented.

The feature is configurable in /server/security/userManagers and works for the SystemUserManager and MgnlUserManager classes. The maximum number of attempts that triggers a lockout is 5 by default. Value 0 disables the function. Lockout is implemented by setting the user.enabled property to false. A lock can be removed by an administrator by enabling the user again in the user edit dialog (checkbox).

Document in:



 Comments   
Comment by Antti Hietala [ 20/Apr/11 ]

Classes SystemUserManager and MgnlUserManager mean that this feature is implemented for System Users and Users, not for Public Users.

Comment by Antti Hietala [ 20/Apr/11 ]

Linking to implementing ticket.

Comment by Ruth Stocks [ 28/Apr/11 ]
  • Administration - Security - Users - Added detailed paragraph at the bottom of the page - http://docuauthor.magnolia-cms.com/administration/security/users.html#Automaticlockout
  • Technical Guide - added the following paragraph at the end of Users - paragraph 19.1 on Google Docs:
    "Automatic lockout is a security precaution that prevents users from accessing AdminCentral after a number of failed login attempts. By default, the lockout is triggered by a minimum of five failed attempts and the user account is automatically disabled. The number of failed attempts is configurable and different values can be set for admin and systems users."
  • User Manual 4 - Added the following sentence to "Logging in" paragraph at - http://docuauthor.magnolia-cms.com/usermanual4/gettingstarted.html
    "Note that if you attempt to log in unsuccessfully more than five times, your account will be disabled automatically and you will need to ask your administrator to re-enable it."

Comment by Boris Kraft [ 05/May/11 ]

The doc should state that this feature was added with version 4.4

Comment by Ruth Stocks [ 06/May/11 ]

Added reference to the feature's introduction in 4.4 in the three docs.

Comment by Antti Hietala [ 13/May/11 ]

In Administration > Security > Users, please make the following changes:

  • "When a non-existent username and/or incorrect password is entered, the user receives the following warning." Technically correct, entering a non-existent username displays the warning, but it would not lock the account since the account does not exist.
  • "by re-selecting the Enabled option" -> "by checking the Enabled checkbox"
  • "this option is automatically disabled" -> "this checkbox is cleared"
  • The arrow in the screenshot looks very jagged.

Comment by Ruth Stocks [ 16/May/11 ]

Amendments to Administration > Security > Users at http://docuauthor.magnolia-cms.com/administration/security/users.html#Automaticlockout. I created a new image but it looks about the same as the original. The arrow is an exact replica of the Skitch shapes.png one - I did not manipulate it at all.

Comment by Antti Hietala [ 16/May/11 ]

Your image editing tool must support transparency. The shapes have transparent pixels so they blend smoothly with the background screenshot. See attached an example where I copied the same arrow from Skitch shapes.png and pasted it on a screenshot.

Comment by Ruth Stocks [ 23/May/11 ]

Uploaded new image on Users page - http://docuauthor.magnolia-cms.com/administration/security/users.html#Automaticlockout
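
The lockout rule from the description and the 13/May/11 comment, modelled as an added Java example (not Magnolia code and not written by anyone on this ticket). LockoutModel, Account, login and reEnable are hypothetical names; locking on the attempt that reaches the threshold, and resetting the counter on success or re-enable, are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added model of the lockout rule on this page; not Magnolia code, all names hypothetical.
public class LockoutModel {
    static final class Account {
        final String password;   // plain text only to keep the model short
        boolean enabled = true;  // stands in for the user.enabled property
        int failedAttempts = 0;
        Account(String password) { this.password = password; }
    }

    private final int maxAttempts;  // 5 by default on the page; 0 disables lockout
    private final Map<String, Account> accounts = new HashMap<>();
    LockoutModel(int maxAttempts) { this.maxAttempts = maxAttempts; }
    void addUser(String name, String password) { accounts.put(name, new Account(password)); }

    // True on success; every failure returns the same false, so the caller shows one warning.
    boolean login(String name, String password) {
        Account a = accounts.get(name);
        if (a == null) return false;   // unknown name: same warning, nothing to count or lock
        if (!a.enabled) return false;  // locked: even the correct password is refused
        if (a.password.equals(password)) {
            a.failedAttempts = 0;      // assumption: a successful login resets the counter
            return true;
        }
        a.failedAttempts++;
        // Assumption: the attempt that reaches the threshold is the one that locks.
        if (maxAttempts > 0 && a.failedAttempts >= maxAttempts) a.enabled = false;
        return false;
    }

    // The administrator checks the Enabled checkbox again.
    void reEnable(String name) {
        Account a = accounts.get(name);
        if (a != null) { a.enabled = true; a.failedAttempts = 0; }  // counter reset is an assumption
    }

    public static void main(String[] args) {
        LockoutModel users = new LockoutModel(5);
        users.addUser("editor", "s3cret");  // constructed sample account
        for (int i = 0; i < 5; i++) users.login("editor", "wrong");
        System.out.println("locked, correct password accepted: " + users.login("editor", "s3cret"));
        for (int i = 0; i < 10; i++) users.login("ghost", "x");  // no such account, so nothing locks
        users.reEnable("editor");
        System.out.println("after re-enable: " + users.login("editor", "s3cret"));
        LockoutModel off = new LockoutModel(0);  // value 0 disables the function
        off.addUser("editor", "s3cret");
        for (int i = 0; i < 50; i++) off.login("editor", "wrong");
        System.out.println("threshold 0, still enabled: " + off.login("editor", "s3cret"));
    }
}
```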
