Wiki Spaces

Documentation
Projects
Resources

Get Help from Others

Q&A: Ask OpenMRS
Discussion: OpenMRS Talk
Real-Time: IRC Chat | Slack

Documentation

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Users are locked out of OpenMRS for 30 5 minutes after 7 incorrect password attempts.
    • Number of attempts and last attempted time are stored as a user property. The Edit User administration page will allow you to edit the current user's properties. (Alternatively, you can clear the rows in the user_property table for that user. Since OpenMRS v1.10 the number of allowed failed login attempts can be set using the security.allowedFailedLoginsBeforeLockout global property found under Settings->Security section of the web application
  • IP addresses are locked out after 10 username/password attempts.
    • The number of attempts per IP are left in memory on the server in the LoginServlet. Restart OpenMRS to clear this variable.

...