[jboss-jira] [JBoss JIRA] (ELY-297) Account Lockout

David Lloyd (JIRA) issues at jboss.org
Thu Oct 8 10:04:00 EDT 2015


    [ https://issues.jboss.org/browse/ELY-297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13116461#comment-13116461 ] 

David Lloyd commented on ELY-297:
---------------------------------

Another thought is that this seems broadly related to things which are generally considered to fall under authorization and policy, such as limited login/logout times, limited-duration sessions, etc.

> Account Lockout
> ---------------
>
>                 Key: ELY-297
>                 URL: https://issues.jboss.org/browse/ELY-297
>             Project: WildFly Elytron
>          Issue Type: Task
>          Components: HTTP, Realms, SASL
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>              Labels: Common_Authentication, Realm_Management, management_security,
>
> One issue to consider is that we are using realms to integrate with existing user stores, so may not be able to update the remote store:
> - Consider an option to update the remote store if possible.
> - If not, cache a blacklisted user until an admin unlocks that account.
> Before being implemented, this feature will require further discussion; in addition to locking, mechanisms for unlocking should also be considered, and also the potential for denial-of-service type attacks based on locking out the administrators.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

