1
0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
authelia/docs/configuration/regulation.md
yossbg 05406cfc7b
feat(ntp): check clock sync on startup ()
This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-09-17 14:44:35 +10:00

1.5 KiB

layout title parent nav_order
default Regulation Configuration 10

Regulation

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

Options

max_retries

type: integer {: .label .label-config .label-purple } default: 3 {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

type: string (duration) {: .label .label-config .label-purple } default: 2m {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The period of time in duration notation format analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 2m this means the user must have 3 failed logins in 2 minutes.

ban_time

type: string (duration) {: .label .label-config .label-purple } default: 5m {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The period of time in duration notation format the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to login again.