Lockout (Optional)

Last Updated: May 2020

Important

This feature requires the django-axes library to be installed. Starting with Tethys 5.0 or if you are using micro-tethys-platform, you will need to install django-axes using conda or pip as follows:

# conda: conda-forge channel strongly recommended
conda install -c conda-forge django-axes

# pip
pip install django-axes

Tethys Portal includes lockout capabilities to prevent brute-force login attempts. This capability is provided by the Django Axes add-on for Django. This document describes the different configuration options that are available for lockout capabilities in Tethys Portal.

../../../../../_images/locked_out.png

Default Configuration

By default, the lockout functionality is disabled when the DEBUG setting is set to True and enabled when DEBUG is False. When lockout is enabled the default behavior is to automatically disable logging in after 3 failed attempts for a given username with a cool off period of 30 minutes. For more details on the default lockout settings see LOCKOUT_CONFIG in the Tethys Portal Configuration documentation.

Configuration

The default behavior can be overridden with settings in your portal_config.yaml file. For example:

LOCKOUT_CONFIG:
  AXES_ENABLED: True
  AXES_FAILURE_LIMIT: 10
  AXES_COOLOFF_TIME: 1
  AXES_LOCK_OUT_BY_USER_OR_IP: True
  AXES_RESET_ON_SUCCESS: True

For a full list of options for configuring lockout in Tethys Portal, please refer to the Django Axes Configuration Documentation