From 3f50b05e2530dfcdc44e5f13abac9fbdf20400c1 Mon Sep 17 00:00:00 2001 From: Nizamudeen A Date: Thu, 10 Dec 2020 13:35:38 +0530 Subject: [PATCH] mgr/dashboard: Updating the docs regarding the user lockout Fixes: https://tracker.ceph.com/issues/40914 Signed-off-by: Nizamudeen A --- doc/mgr/dashboard.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst index 3e27005f481..761bcd50501 100644 --- a/doc/mgr/dashboard.rst +++ b/doc/mgr/dashboard.rst @@ -333,6 +333,34 @@ commands:: $ ceph dashboard ac-user-create administrator +Account Lock-out +^^^^^^^^^^^^^^^^ + +It disables a user account if a user repeatedly enters the wrong credentials +for multiple times. It is enabled by default to prevent brute-force or dictionary +attacks. The user can get or set the default number of lock-out attempts using +these commands respectively:: + + $ ceph dashboard get-account-lockout-attempts + $ ceph dashboard set-account-lockout-attempts + +.. warning:: + + This feature can be disabled by setting the default number of lock-out attempts to 0. + However, by disabling this feature, the account is more vulnerable to brute-force or + dictionary based attacks. This can be disabled by:: + + $ ceph dashboard set-account-lockout-attempts 0 + +Enable a Locked User +^^^^^^^^^^^^^^^^^^^^ + +If a user account is disabled as a result of multiple invalid login attempts, then +it needs to be manually enabled by the administrator. This can be done by the following +command:: + + $ ceph dashboard ac-user-enable + Accessing the Dashboard ^^^^^^^^^^^^^^^^^^^^^^^ -- 2.39.5