I think you should just add an exponentially growing timeout to when the user can log in (maybe per source ip) or at least make it configurable from the frontend. But anyways, for our internal/firewalled archiva this sort of thing is a bit of over kill.
I finally found out how to convince it to be more lenient.
Just add the following content:
security.policy.password.expiration.days=999999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=300
security.policy.password.previous.count=1
security.policy.password.rule.reuse.enabled=false
to the equivalent file to your system:
glassfish_2.1/domains/archiva/lib/classes/org/apache/maven/archiva/security.properties
http://osdir.com/ml/users-archiva-apache/2009-02/msg00031.html
No comments:
Post a Comment