security

security.accountLockoutPolicy

Specifies conditions for account lockout

security:
  accountLockoutPolicy:
    # Lockout account after 10 failed logins for 15 minutes, reset counter after 30 minutes
    threshold: 10
    lockoutDurationSeconds: 900
    resetCounterPeriodSeconds: 1800

security.accountLockoutPolicy.threshold

number = 10

Number of unsuccessful login attempts after which account will be locked out. Set to 0 to disable.

security.accountLockoutPolicy.lockoutDurationSeconds

number = 900 (15 minutes)

Time period in seconds a locked-out account remains locked out before automatically becoming unlocked.

security.accountLockoutPolicy.resetCounterPeriodSeconds

number = lockoutDurationSeconds

Time period in seconds following last unsuccessful login after which the lockout counter will be set back to zero. Must be same or greater than lockoutDurationSeconds. If no value is specified then lockoutDurationSeconds value is used.