March 1, 2021

Disable Account Lockout After Excessive Login Failures in Open edX


The account lockout feature keeps track of the number of failed login attempts for a given user's email. If the number of consecutive failed login attempts (with no successful login in between) reaches a configurable threshold (default 5), the account is "locked" for a configurable number of seconds (15 minutes), which prevents additional login attempts until that period has passed. When a user logs in successfully, the counter that tracks the number of failed attempts is reset to 0.

By default, account lockout is enabled, but the feature is configurable via a FEATURES flag.

Configure:

Open lms.env.json in your favorite editor, find the "FEATURES" configuration, add ENABLE_MAX_FAILED_LOGIN_ATTEMPTS to the "FEATURES" object, and set it to false. See the following code snippet:

    "FEATURES": {
        ...
        "ENABLE_MAX_FAILED_LOGIN_ATTEMPTS": false,
        ...
    },

Restart the LMS service.
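
The same edit can be scripted so that a hand-editing slip never leaves the LMS with invalid JSON. This is an added example, not code from the original post or from Open edX; the helper names `lockout_enabled` and `set_lockout` are hypothetical, and the path to lms.env.json is passed in by the caller. It assumes a missing flag means lockout is enabled (the default stated above), and the LMS still has to be restarted afterwards.

```python
import json
import os
import shutil
import tempfile

FLAG = "ENABLE_MAX_FAILED_LOGIN_ATTEMPTS"


def lockout_enabled(config):
    """Effective state; assumes lockout is on unless the flag turns it off."""
    return bool(config.get("FEATURES", {}).get(FLAG, True))


def set_lockout(path, enabled):
    """Set the flag in the JSON file at `path`; return the previous effective state."""
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)          # raises ValueError on malformed JSON
    features = config.setdefault("FEATURES", {})
    if not isinstance(features, dict):
        raise TypeError('"FEATURES" must be a JSON object')
    previous = lockout_enabled(config)
    features[FLAG] = bool(enabled)

    shutil.copy2(path, path + ".bak")   # rollback copy of the original file
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=4)
            fh.write("\n")
        shutil.copymode(path, tmp)      # keep the original permission bits
        os.replace(tmp, path)           # atomic swap on the same filesystem
    except BaseException:
        os.unlink(tmp)                  # never leave a half-written temp file
        raise
    return previous


if __name__ == "__main__":
    import sys
    # Usage: python set_lockout.py <path-to-lms.env.json> true|false
    want = sys.argv[2].lower() == "true"
    print("lockout was %s, now %s" % (set_lockout(sys.argv[1], want), want))
```

Running it with `true` re-enables lockout the same way, and the `.bak` file holds the configuration as it was before the last change.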