Konfigurationsoption für Wartezeit nach fehlgeschlagenen Logins

author Moritz Bunkus <m.bunkus@linet-services.de>

Thu, 27 Sep 2012 13:50:11 +0000 (15:50 +0200)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Thu, 27 Sep 2012 13:50:11 +0000 (15:50 +0200)
author Moritz Bunkus <m.bunkus@linet-services.de>
Thu, 27 Sep 2012 13:50:11 +0000 (15:50 +0200)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Thu, 27 Sep 2012 13:50:11 +0000 (15:50 +0200)
diff --git a/SL/Auth.pm b/SL/Auth.pm

index ed5c845..52c2dc6 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -194,7 +194,8 @@ sub authenticate {
  }
  
  sub punish_wrong_login {
-  sleep 5;
+  my $failed_login_penalty = ($::lx_office_conf{authentication} || {})->{failed_login_penalty};
+  sleep $failed_login_penalty if $failed_login_penalty;
  }
  
  sub get_stored_password {
diff --git a/config/kivitendo.conf.default b/config/kivitendo.conf.default

index 879dab0..127eb3c 100644 (file)
--- a/config/kivitendo.conf.default
+++ b/config/kivitendo.conf.default
@@ -16,6 +16,10 @@ cookie_name = kivitendo_session_id
  # hours.
  session_timeout = 480
  
+# The number of seconds to penalize failed login attempts. 0 disables
+# it.
+failed_login_penalty = 5
+
  [authentication/database]
  # Connection information for the database with the user and group
  # inforamtion.  This information is always needed, even if LDAP is
author	Moritz Bunkus <m.bunkus@linet-services.de>
	Thu, 27 Sep 2012 13:50:11 +0000 (15:50 +0200)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Thu, 27 Sep 2012 13:50:11 +0000 (15:50 +0200)
SL/Auth.pm		patch \| blob \| history
config/kivitendo.conf.default		patch \| blob \| history