[jboss-jira] [JBoss JIRA] (WFLY-569) Implement an account lockout mechanism for domain management.
Darran Lofthouse (JIRA)
issues at jboss.org
Mon Feb 10 07:11:28 EST 2014
[ https://issues.jboss.org/browse/WFLY-569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated WFLY-569:
----------------------------------
Labels: Common_Authentication Realm_Management management_security, (was: Common_Authentication Realm_Management)
> Implement an account lockout mechanism for domain management.
> -------------------------------------------------------------
>
> Key: WFLY-569
> URL: https://issues.jboss.org/browse/WFLY-569
> Project: WildFly
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: Common_Authentication, Realm_Management, management_security,
> Fix For: 9.0.0.CR1
>
>
> One issue to consider is that we are using realms to integrate with existing user stores so may not be able to update the remote store: -
> - Consider an option to update the remote store if possible.
> - If not cache a backlisted user until an admin unlocks that account
> Before being implemented this feature will require further discussion, in additional to locking mechanisms for unlocking should also be considered and also the potentional for denail of service type attacks based on locking out the administrators.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list