Bug 1633360

Summary: Allow admin to opt-out from the Brute-force attack protection
Product: Red Hat Satellite 6 Reporter: Jan Hutař <jhutar>
Component: SecurityAssignee: Marek Hulan <mhulan>
Status: CLOSED ERRATA QA Contact: Jan Hutař <jhutar>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.4CC: cwelton, dlezzoum, lzap, mhulan, omaciel, pcreech, tbrisker
Target Milestone: 6.5.0Keywords: PrioBumpQA, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-14 12:38:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Hutař 2018-09-26 19:25:08 UTC
Description of problem:
Implementation of http://projects.theforeman.org/issues/4238 introduced a BFA protection, however this is not configurable at all (enable/disable, number of retries, blacklist timeout, etc.).

It would be beneficial, if I as an admin had a way of configure or completely disable the feature.


Version-Release number of selected component (if applicable):
satellite-6.4.0-15.el7sat.noarch


How reproducible:
always


Steps to Reproduce:
1. Go to Administer -> Settings and search for "failed_login_attempts_limit"


Actual results:
It is not there


Expected results:
It should be there

Comment 5 pm-sat@redhat.com 2018-09-26 20:04:05 UTC
Upstream bug assigned to mhulan@redhat.com

Comment 6 pm-sat@redhat.com 2018-09-26 20:04:08 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/22778 has been resolved.

Comment 7 Djebran Lezzoum 2018-10-08 08:11:14 UTC
put qe_ack + , as this an important fix (adding the ability to disable or to fine tune the number of attempts of authenticated login to be considered as Brute-force attack) for the Brute-force attack protection

Comment 15 errata-xmlrpc 2019-05-14 12:38:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222