Post by jenhuang on Jul 22, 2020 10:05:19 GMT
There is the long description of the property AuthFailureLoggingThreshold. "longDescription": "This property shall contain the threshold for when an authorization failure is logged. Logging shall occur after every `n` occurrences of an authorization failure, where `n` represents the value of this property. If the value is `0`, logging of authorization failures shall be disabled."
Is the AuthFailureLoggingThreshold used for all accounts, or does each account need to be checked separately?
Post by jautor on Jul 24, 2020 15:43:31 GMT
The threshold applies to each account. The underlying feature (disabling an account due to excessive invalid login attempts) tracks attempts per account, so the logging function follows that process. You would not want to take actions based on attempts across accounts, as that would provide a method to create a denial-of-service attack.
We've added a few words to the description for that property to make this clear in schema - so thanks for pointing this out.
Jeff
Post by jenhuang on Feb 25, 2021 9:28:28 GMT
Hi Jeff, The '0' has been defined as logging of authorization failures disabled and there is no way to log every authorization failure.
Should this be considered?
Post by jautor on Feb 25, 2021 21:52:28 GMT
> Hi Jeff, The '0' has been defined as logging of authorization failures disabled and there is no way to log every authorization failure. Should this be considered?

Setting AuthFailureLoggingThreshold to a value of 1 would log every authentication failure. The language is a bit cumbersome but that is the result. One means every failed attempt is logged, two means every 2nd attempt, three is every 3rd attempt, and so forth.
Jeff
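The semantics discussed in this thread (per-account counting, a log entry on every `n`-th failure, `0` disabling logging), as an added example that is not part of the original posts or of the Redfish schema. The class and function names are hypothetical, the attempt list is constructed, and the counter is assumed never to reset, since the thread does not say when it does.

```python
from collections import defaultdict


class AuthFailureLog:
    """Hypothetical per-account counter for AuthFailureLoggingThreshold."""

    def __init__(self, threshold):
        if threshold < 0:
            raise ValueError("threshold must be >= 0")
        self.threshold = threshold
        self.failures = defaultdict(int)  # account name -> failures seen so far
        self.entries = []                 # (account, failure_count) log entries

    def record_failure(self, account):
        """Count one failure; return True if it produced a log entry."""
        self.failures[account] += 1
        if self.threshold == 0:
            return False  # 0 disables logging of authorization failures
        if self.failures[account] % self.threshold == 0:
            self.entries.append((account, self.failures[account]))
            return True
        return False


def replay(threshold, attempts):
    """Feed a sequence of failing account names through a fresh log."""
    log = AuthFailureLog(threshold)
    for account in attempts:
        log.record_failure(account)
    return log.entries


# Constructed sample: six failures for admin, two for operator, one for guest.
ATTEMPTS = ["admin", "operator", "admin", "admin", "operator",
            "guest", "admin", "admin", "admin"]

if __name__ == "__main__":
    for n in (0, 1, 2, 3):
        print(f"threshold={n}: {replay(n, ATTEMPTS)}")
```

With a threshold of 3, only `admin` produces entries; the `operator` and `guest` failures stay below the threshold and are never logged, which is worth weighing when choosing a value above 1.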