March 1, 2021

Disable Account Lockout After Excessive Login Failures in Open edX


The account lockout feature keeps track of the number of failed login attempts for a given user’s email. If the number of consecutive failed login attempts (with no successful login in between) reaches a configurable threshold (default 5), the account is “locked” for a configurable number of seconds (15 minutes), which prevents additional login attempts until this period has passed. If a user logs in successfully, the counter that tracks the number of failed attempts is reset to 0.

By default, account lockout is enabled, but the feature is configurable via a FEATURES flag.

Configure:

Open the lms.env.json file in your favorite editor, find the "FEATURES" configuration, add ENABLE_MAX_FAILED_LOGIN_ATTEMPTS to the "FEATURES" object, and set it to false. See the following snippet:

    "FEATURES": {
        ...
        "ENABLE_MAX_FAILED_LOGIN_ATTEMPTS": false,
        ...
    },

Restart the LMS service.
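
The edit to lms.env.json described above can also be scripted. The following is an added example, not code from the original post or from the Open edX project: it sets the flag with an atomic write and returns the previous effective state, treating a missing key as enabled because lockout is on by default. The function names and the sample file contents are assumptions made for illustration.

```python
import json
import os
import tempfile

FLAG = "ENABLE_MAX_FAILED_LOGIN_ATTEMPTS"  # flag name taken from the page


def lockout_enabled(config):
    """Effective lockout state; a missing key counts as enabled (the default)."""
    features = config.get("FEATURES", {})
    if not isinstance(features, dict):
        raise ValueError('"FEATURES" must be a JSON object')
    return bool(features.get(FLAG, True))


def set_lockout(path, enabled):
    """Set the flag in the file at `path` and return the previous state."""
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)  # malformed JSON raises; the file is untouched
    previous = lockout_enabled(config)
    config.setdefault("FEATURES", {})[FLAG] = bool(enabled)
    # Write a temp file in the same directory, then rename over the original,
    # so the LMS never starts against a half-written config.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=4)
            fh.write("\n")
        os.chmod(tmp, os.stat(path).st_mode & 0o777)  # keep original mode
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return previous


if __name__ == "__main__":
    # Constructed sample file, not a real Open edX configuration.
    with tempfile.TemporaryDirectory() as workdir:
        sample = os.path.join(workdir, "lms.env.json")
        with open(sample, "w", encoding="utf-8") as fh:
            json.dump({"FEATURES": {"SAMPLE_OTHER_FLAG": True}}, fh)
        print("lockout enabled before:", set_lockout(sample, False))
        with open(sample, encoding="utf-8") as fh:
            print("lockout enabled after:", lockout_enabled(json.load(fh)))
```

Run it as the account that owns lms.env.json so the replaced file keeps the same owner, and record the returned previous state so the change can be reverted with `set_lockout(path, True)`.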