Account lockout is a basic mechanism which protects passwords against brute-force attacks. After each failed login attempt failed login counter is incremented by one. Once the counter reaches
10 by default) the account is locked and all further login attemps (with valid password or not) in the next 15 minutes will result in login failure. This period can be configured by
lockoutDuration property. The account lockout can be disabled by setting
The counter is reset after successful login or after a time period following last login attempt. This value can be configured by setting
resetCounterPeriod property. This value is auto-set to
lockoutDuration if not set explicitly and must always be greater or equal to
Users can be manually unlocked either using Rebex Buru SFTP Server Web Administration or
burusftp user unlock command.
The failed login counter is shared with both Rebex Buru SFTP server and Rebex Buru SFTP Server Web Administration.