archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marius Kruger <>
Subject user locked after failed attempts
Date Fri, 25 Jun 2010 14:44:34 GMT
After just 3 login attempts a user's account is locked by Archiva,
which is quite bad if a whole team including continuous integration
servers uses the same account.
(using the same account because I can't setup a security role which
includes several repositories and assign that role to a user)

I think you should just add an exponentially growing timeout after
each failed attempt per source ip
or at least make security options configurable from the frontend.

For our internal/firewalled archiva this sort of thing is a bit of over kill.
I finally found out how to convince archiva to be more lenient.

I saw that you are considering a different security provider, but it
looks quite far off,
so I just thought I'd give you some feedback in the meantime.

<>< Marius ><>

View raw message