TSplus Remote Access prevents brute-force attacks by locking accounts after repeated failed attempts to login through the Portal.
By default, the lockout feature uses the following parameters:
|LockoutActivated||Defines if the Lockout feature is activated. The Lockout feature can be disabled by setting this parameter to false. Possible values are: true, false.||true|
|LockoutInterval||Specifies the allowable interval of time between failed login attempts. In seconds.||600|
|LockoutLimit||Defines the number of allowed failed attempts before the account is locked out.||10|
|LockoutPeriod||Specifies the amount of time an account is locked out and unable to login. In seconds.||1800|
These settings are available in the admin tool / expert mode / advanced / lockout :
For larger deployments that use scripted management tools, these parameters can be overridden by editing the configuration file hb.exe.config located in <TSplus setup directory>\Clients\www\cgi-bin directory. In the appSettings node of the document, the parameter key may be set to a different value. The change are effective once the hb.exe.config file is saved.
For example, see the following configuration for disabling the lockout feature:
<add key="LockoutActivated" value="false" />
<add key="LockoutInterval" value="600" />
<add key="LockoutLimit" value="10" />
<add key="LockoutPeriod" value="1800" />
Note: The period of time a user is locked out is the greatest value between LockoutPeriod and LockoutInterval settings. Therefore, when changing LockoutPeriod's value, one should update the LockoutInterval setting with a smaller value to ensure a relevant behavior.