User auth limits.pl

From EPrints Documentation
Revision as of 08:17, 31 January 2022 by Drn@ecs.soton.ac.uk (talk | contribs) (Added authentication category)
Jump to: navigation, search

EPrints 3 Reference: Directory Structure - Metadata Fields - Repository Configuration - XML Config Files - XML Export Format - EPrints data structure - Core API - Data Objects


Back to cfg.d

user_auth_limits.pl contains configuration that places limits on aspects of user authentication. It contains the following configuration options:

  • $c->{max_login_attempts? - Maximum number of failed login attempts before the account is locked. Default is 10.
  • $c->{lockout_minutes} - How long an account is locked if there are too many failed login attempts. Default is 10 minutes.
  • $c->{reset_request_recent_hours} - Number of hours before another password request email can be sent. Assuming the password was not reset by the previous email. This prevents users being incessantly spammed by unsolicited password reset emails. Default is 24 hours.
  • $c->{max_account_requests} - Maximum number of accounts tht can be requested in a set period. Default is 100.
  • $c->{max_account_requests_minutes} - Number of minutes for which no more than the max_account_requests can be requested. Default is 60 minutes.