Locking an account after invalid login attempts

As a security measure, you can configure Hue to lock an account after a set number of unsuccessful or invalid login attempts by specifying the number of attempts in the login_failure_limit parameter and setting the login_lock_out_at_failure parameter to true in the Hue Advanced Configuration Snippet in Cloudera Manager.

  1. Log in to Cloudera Manager as an Administrator.
  2. Go to Clusters > Hue > Configuration and add the following lines in the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini field:
    [desktop]
    [[auth]]
    login_failure_limit=[***NUMBER-OF-ATTEMPTS-BEFORE-ACCOUNT-LOCKOUT***]
    login_lock_out_at_failure=true
    Replace [***NUMBER-OF-ATTEMPTS-BEFORE-ACCOUNT-LOCKOUT***] with the number of unsuccesful login attempts after which you want to lock an account. For example, if you set login_failure_limit to 3, then the user will be locked out on the third invalid attempt.
  3. Click Save Changes.
  4. Restart the Hue service to apply stale configurations.
    You can use the Rolling Restart option to minimize downtime.
A user's account will be locked out after crossing the set number of invalid login attempts and the following message is displayed "Account locked: too many login attempts. Contact an admin to unlock your account."