...

To prevent default authorisation, simply define them as blank, which is the default in the NMIS8 Install configuration.

Locking accounts after N failed login attempts

In NMIS versions 8.5.12G and newer you can configure optional account locking. This feature is not enabled by default as it could be abused for denial-of-service attacks.

If you set the configuration option auth_lockout_after to a positive number N, then the account in question will be locked after N consecutive failed login attempts. If the optional configuration item server_admin holds an email address, a notification email will be sent to the given administrator address.

Locked accounts can be re-enabled from the GUI: visit the System -> System Configuration -> Users page, and click on the option "reset login count" for the locked account.

From the command line re-enabling is also possibly: simply remove the file /usr/local/nmis8/var/nmis_system/auth_failures/<accountname>.json.

NMIS Single Sign On

Configuring Single Sign On

...