|Table of Contents|
Roles and Privileges
- Users are locked out of OpenMRS for 5 minutes after 7 incorrect password attempts.
- Number of attempts and last attempted time are stored as a user property. The Edit User administration page will allow you to edit the current user's properties. (Alternatively, you can clear the rows in the user_property table for that user. Since OpenMRS v1.10 the number of allowed failed login attempts can be set using the security.allowedFailedLoginsBeforeLockout setting (formerly global property from platform 1.8 downwards) found under Settings->Security section of the web application
- IP addresses are locked out after 10 username/password attempts.
- The number of attempts per IP are left in memory on the server in the LoginServlet. Restart OpenMRS to clear this variable.