Bug 1461640 - Account lockout period should increase with each successive lockout event
Status: CLOSED NOTABUG
Product: Bugzilla
Classification: Community
Component: User Accounts
Version: 5.0
Assigned To: PnT DevOps Devs
tools-bugs
Reported: 2017-06-14 23:56 EDT by Jeff Fearn
Modified: 2017-07-04 20:43 EDT
Last Closed: 2017-07-04 20:43:53 EDT
Type: Bug
Description Jeff Fearn 2017-06-14 23:56:06 EDT
Description of problem:
Currently the same lockout period is applied every time a lockout event is triggered; the lockout period should increase for each lockout event.

Version-Release number of selected component (if applicable):
5.0

How reproducible:
Write a script and give it the wrong password.

Steps to Reproduce:
1. Write a script
2. Enter valid user but invalid credentials
3. Forget to check wtf is going on and blindly retry

Actual results:
Every 30 minutes you will get another shot at logging in and an email will be sent to the error list.

If you have multiple IPs you can do the same from each IP.

Expected results:
The lock out period should be based on the total number of failed logins in the DB. The entities in the DB should get deleted on a successful login.

Additional info:

e.g. ( ( count(youloginfailures) / MAX_LOGIN_ATTEMPTS ) * LOGIN_LOCKOUT_INTERVAL ) minutes

(   5 / 5 ) * 30 =   30 minutes
( 150 / 5 ) * 30 =  900 minutes
( 352 / 5 ) * 30 = 2112 minutes
Comment 1 Jeff Fearn 2017-07-04 20:43:53 EDT
The current value is a balance between user friendly and BOFH.
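
The escalation proposed in the description, as an added Python example that is not part of the bug report or of Bugzilla's code. The `LockoutTracker` class and its in-memory failure store are hypothetical; the values 5 and 30 come from the report's figures, and rejecting attempts during a lockout without recording them is an assumption.

```python
from datetime import datetime, timedelta

MAX_LOGIN_ATTEMPTS = 5       # taken from the report's worked figures
LOGIN_LOCKOUT_INTERVAL = 30  # minutes, taken from the report


class LockoutTracker:
    """Hypothetical in-memory stand-in for the login-failure table."""

    def __init__(self):
        self.failures = {}  # login -> [(timestamp, ip), ...] across all IPs

    def lockout_minutes(self, login):
        # Report's formula, multiplied before dividing so whole-minute
        # results stay exact: (count / MAX_LOGIN_ATTEMPTS) * interval
        count = len(self.failures.get(login, []))
        if count < MAX_LOGIN_ATTEMPTS:
            return 0.0
        return count * LOGIN_LOCKOUT_INTERVAL / MAX_LOGIN_ATTEMPTS

    def locked_until(self, login):
        minutes = self.lockout_minutes(login)
        if not minutes:
            return None
        last_failure = max(ts for ts, _ip in self.failures[login])
        return last_failure + timedelta(minutes=minutes)

    def attempt(self, login, ip, password_ok, now):
        """Return True when the login is accepted."""
        until = self.locked_until(login)
        if until is not None and now < until:
            return False  # assumption: rejected without recording a failure
        if password_ok:
            self.failures.pop(login, None)  # rows deleted on successful login
            return True
        self.failures.setdefault(login, []).append((now, ip))
        return False


if __name__ == "__main__":
    # Constructed sample: five bad passwords spread over five source IPs.
    tracker, start = LockoutTracker(), datetime(2017, 6, 14, 12, 0)
    for i in range(5):
        tracker.attempt("user@example.com", f"192.0.2.{i + 1}", False,
                        start + timedelta(seconds=i))
    print(tracker.lockout_minutes("user@example.com"),
          tracker.locked_until("user@example.com"))
```

Because failures are keyed on the account rather than the source address, spreading attempts over several IPs does not reset the count.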