Tarantella Administration Guide > Users and authentication > Denying users access to Tarantella after failed login attempts

Denying users access to Tarantella after failed login attempts

By enabling a login failure handler, Administrators can deny users access to Tarantella after three failed login attempts. This additional security measure only works if users have ENS person objects.

To enable the login failure handler:

1. On the command line, type:
   tarantella config edit --tarantella-config-components-loginfailurehandler 1
2. Then type:
   tarantella config edit --tarantella-config-components-loginfailurefilter 1

Notes on enabling the login failure handler

• If you enable this functionality and a user does not have an ENS person object, they will still be able to log in to Tarantella.
• The number of login attempts is local to each Tarantella server and is not copied across the array. Only when the login limit is reached on a server, is the user denied access across the array. For example, a user could try to log in on each Tarantella server two times, but only when they fail for the third time on a server will they be denied access to the other members of the array.
• If a user is denied access, they are only denied access to Tarantella. They are not denied access to the host on which Tarantella is installed.
• When a user is denied access, Tarantella unchecks the May log in to Tarantella (--enabled false) checkbox for the user's person object in Object Manager. To give a user access again, you only need to re-check this check box (--enabled true).
• For security reasons, users are not given any indication that their account has been disabled. They see the same message as if they'd typed an incorrect password.

Can I change the number of login attempts users get?

Yes, the number of login attempts users get is configurable. To change the number of login attempts:

1. Log in to the primary Tarantella server.
2. Stop the primary Tarantella server. On the command line, type:
   tarantella stop.
3. Set the number of login attempts. On the command line, type:
   tarantella config edit --com.sco.tta.server.login.LoginFailureHandler.properties-attemptsallowed number.
4. Start the primary Tarantella server. On the command line, type:
   tarantella start.
5. Do a warm restart of all secondary Tarantella servers (tarantella restart --warm).