Werk #7090: Automatically lock users after 10 subsequent logon failures
| Component | User interface |
| Title | Automatically lock users after 10 subsequent logon failures |
| Date | Feb 18, 2019 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk Version | 1.6.0b1 |
| Level | Trivial Change |
| Class | Security Fix |
| Compatibility | Compatible - no manual interaction needed |
Sites created with Check_MK 1.6 will be configured to automatically lock user accounts that fail to log in 10 times in a row. Existing sites will not be affected by this change.
Check_MK already had the option to configure this feature for a long time. It can be customized using the global setting "Lock user accounts after N logon failures". If you have configured this in your setup, your setting is left untouched.
To unlock automatically locked users, you need to login as administrative user and disable the option "Disable password" for this user. In case your administrative account was locked out, you will have to reset the password of your account (using htpasswd -m ~/etc/htpasswd [user-id]).
