From: Nizamudeen A Date: Thu, 10 Dec 2020 08:05:38 +0000 (+0530) Subject: mgr/dashboard: Updating the docs regarding the user lockout X-Git-Tag: v15.2.9~61^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F38810%2Fhead;p=ceph.git mgr/dashboard: Updating the docs regarding the user lockout Fixes: https://tracker.ceph.com/issues/40914 Signed-off-by: Nizamudeen A (cherry picked from commit 3f50b05e2530dfcdc44e5f13abac9fbdf20400c1) --- diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst index 7d815d8b92f7..8068ab01d6e6 100644 --- a/doc/mgr/dashboard.rst +++ b/doc/mgr/dashboard.rst @@ -270,6 +270,34 @@ commands:: $ ceph dashboard ac-user-create administrator +Account Lock-out +^^^^^^^^^^^^^^^^ + +It disables a user account if a user repeatedly enters the wrong credentials +for multiple times. It is enabled by default to prevent brute-force or dictionary +attacks. The user can get or set the default number of lock-out attempts using +these commands respectively:: + + $ ceph dashboard get-account-lockout-attempts + $ ceph dashboard set-account-lockout-attempts + +.. warning:: + + This feature can be disabled by setting the default number of lock-out attempts to 0. + However, by disabling this feature, the account is more vulnerable to brute-force or + dictionary based attacks. This can be disabled by:: + + $ ceph dashboard set-account-lockout-attempts 0 + +Enable a Locked User +^^^^^^^^^^^^^^^^^^^^ + +If a user account is disabled as a result of multiple invalid login attempts, then +it needs to be manually enabled by the administrator. This can be done by the following +command:: + + $ ceph dashboard ac-user-enable + Accessing the Dashboard ^^^^^^^^^^^^^^^^^^^^^^^