User auth limits.pl
Revision as of 00:00, 31 January 2022 by Drn@ecs.soton.ac.uk (talk | contribs)
EPrints 3 Reference: Directory Structure - Metadata Fields - Repository Configuration - XML Config Files - XML Export Format - EPrints data structure - Core API - Data Objects
user_auth_limits.pl contains configuration that places limits on aspects of user authentication. It contains the following configuration options:
$c->{max_login_attempts?
- Maximum number of failed login attempts before the account is locked. Default is 10.$c->{lockout_minutes}
- How long an account is locked if there are too many failed login attempts. Default is 10 minutes.$c->{reset_request_recent_hours}
- Number of hours before another password request email can be sent. Assuming the password was not reset by the previous email. This prevents users being incessantly spammed by unsolicited password reset emails. Default is 24 hours.$c->{max_account_requests}
- Maximum number of accounts tht can be requested in a set period. Default is 100.$c->{max_account_requests_minutes}
- Number of minutes for which no more than themax_account_requests
can be requested. Default is 60 minutes.