Limiting the Number of Permitted Login Attempts

Symptom:

Users can attempt logging in as often and as fast as they want at the screen unlock prompt and local login prompts (e.g. for Kerberos, Shared Workplace, IGEL Smartcard).

Problem:

This leaves the system and remote sessions vulnerable to brute force login attacks.

Solution:

In IGEL OS 10.03.100 and newer, the number of login attempts is limited to 5 within 30 seconds.

These values can be changed in the system registry:

  1. In Setup, go to System > Registry
  2. Go to the auth.login.lockout_threshold parameter to set the maximum number of login attempts within the specified interval.
  3. Go to the auth.login.lockout_duration parameter to set the interval in seconds.
  4. Click Apply or Save.

    IGEL's Terms & Conditions apply.