Module: check_mk
Branch: master
Commit: cbe4bcbf81f607733adb54420af062372ec937dd
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cbe4bcbf81f607…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Feb 18 22:02:59 2019 +0100
7090 SEC Automatically lock users after 10 subsequent logon failures

Sites created with Check_MK 1.6 will be configured to automatically lock user
accounts that fail to log in 10 times in a row. Existing sites will not be
affected by this change.

Check_MK already had the option to configure this feature for a long time. It
can be customized using the global setting "Lock user accounts after N logon
failures". If you have configured this in your setup, your setting is left
untouched.

To unlock automatically locked users, you need to log in as an administrative
user and disable the option "Disable password" for this user. In case your
administrative account was locked out, you will have to reset the password
of your account (using <tt>htpasswd -m ~/etc/htpasswd [user-id]</tt>).

CMK-1083

Change-Id: I2c1f6a5560b0d537acbf3be735ef9d9b2e3a4f0b
---
.werks/7090 | 22 ++++++++++++++++++++++
cmk/gui/watolib/__init__.py | 1 +
2 files changed, 23 insertions(+)
diff --git a/.werks/7090 b/.werks/7090
new file mode 100644
index 0000000..ed13924
--- /dev/null
+++ b/.werks/7090
@@ -0,0 +1,22 @@
+Title: Automatically lock users after 10 subsequent logon failures
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1550523202
+Class: security
+
+Sites created with Check_MK 1.6 will be configured to automatically lock user
+accounts that fail to log in 10 times in a row. Existing sites will not be
+affected by this change.
+
+Check_MK already had the option to configure this feature for a long time. It
+can be customized using the global setting "Lock user accounts after N logon
+failures". If you have configured this in your setup, your setting is left
+untouched.
+
+To unlock automatically locked users, you need to login as administrative user
+and disable the option "Disable password" for this user. In case your
+administrative account was locked out, you will have to reset the password
+of your account (using <tt>htpasswd -m ~/etc/htpasswd [user-id]</tt>).
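Review bot: The recovery paragraph at the end of the werk text does not say how resetting the password with htpasswd -m ~/etc/htpasswd [user-id] lifts the lock, while the sentence before it describes unlocking as turning off "Disable password", so a locked-out administrator cannot tell from this text whether the password reset alone is enough. Please add a sentence stating what the reset does to the locked state. Two smaller points: "10 times in a row" should say what resets the count (presumably a successful login), and since -m makes htpasswd store an MD5-based hash, it is worth confirming that this is the hash format a Class: security werk should recommend to users.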
diff --git a/cmk/gui/watolib/__init__.py b/cmk/gui/watolib/__init__.py
index 399d214..096d96a 100644
--- a/cmk/gui/watolib/__init__.py
+++ b/cmk/gui/watolib/__init__.py
@@ -422,6 +422,7 @@ def _create_sample_config():
],
"enable_rulebased_notifications": True,
"ui_theme": "facelift",
+ "lock_on_logon_failures": 10,
})
# A contact group for all hosts and services
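Review bot: The new "lock_on_logon_failures": 10 entry in _create_sample_config() carries no comment, and going by the diffstat (the werk file plus this single line) nothing tests it. A short comment next to the entry pointing to werk 7090 and noting that the value only reaches newly created sites would explain why a security default lives in the sample configuration. A test asserting that the sample config contains this key with the value 10 would keep the default from being dropped silently when the dict is edited later.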