mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 15:11:07 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
40 lines
1.9 KiB
Plaintext
40 lines
1.9 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: User Lockout
|
|
description: >-
|
|
If a user provides bad credentials several times in quick succession,
|
|
Vault will stop trying to validate their credentials for a while, instead
|
|
returning immediately with a permission denied error.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# User lockout
|
|
|
|
@include 'user-lockout.mdx'
|
|
|
|
## Precedence
|
|
|
|
The precedence for user lockout configuration is as follows:
|
|
|
|
Configuration for an auth mount using tune >> Configuration for an auth method in config file >>
|
|
Configuration for "all" auth methods in config file >> Default values.
|
|
|
|
The precedence for user lockout disable is as follows:
|
|
|
|
Disable using environment variable VAULT_DISABLE_USER_LOCKOUT >>
|
|
Configuration for an auth mount using tune >> Configuration for an auth method in config file >>
|
|
Configuration for "all" auth methods in config file >> Default values.
|
|
|
|
## Configuration
|
|
|
|
User lockout parameters can be configured using config file for "all" auth methods or a specific auth method (userpass, ldap, or approle).
|
|
Please see [user lockout configuration](/vault/docs/configuration/user-lockout#user_lockout-stanza) for more details.
|
|
|
|
The user lockout configuration for the auth method at a given path can be tuned using auth tune. Please see [auth tune command](/vault/docs/commands/auth/tune)
|
|
or [auth tune api](/vault/api-docs/system/auth#tune-auth-method) for more details.
|
|
|
|
## API
|
|
|
|
Please see [sys/locked-users API](/vault/api-docs/system/user-lockout) for more details. |