Redis Enterprise Software secures user access in a few different ways, including automatically:

  • Locking user accounts after a series of authentication failures (invalid passwords)

  • Signing sessions out after a period of inactivity

Here, you learn how to configure the relevant settings.

User login lockout

The parameters for the user login lockout are:

  • Login Lockout Threshold - The number of failed login attempts allowed before the user account is locked. (Default: 5)
  • Login Lockout Counter Reset - The amount of time during which failed login attempts are counted. (Default: 15 minutes)
  • Login Lockout Duration - The amount of time that the user account is locked after excessive failed login attempts. (Default: 30 minutes)

By default, after 5 failed login attempts within 15 minutes, the user account is locked for 30 minutes.

You can view the user login restrictions for your cluster with:

rladmin info cluster | grep login_lockout

Change the login lockout threshold

You can set the login lockout threshold with the command:

rladmin tune cluster login_lockout_threshold <login_lockout_threshold>

For example, to set the lockout threshold to 10 failed login attempts, run:

rladmin tune cluster login_lockout_threshold 10

If you set the lockout threshold to 0, it turns off account lockout. In this case, the cluster settings show login_lockout_threshold: disabled.

Change the login lockout counter

You can set the login lockout counter reset time in seconds with the command:

rladmin tune cluster login_lockout_counter_reset_after <login_lockout_counter_reset_after>

For example, to set the lockout counter reset to 1 hour, run:

rladmin tune cluster login_lockout_counter_reset_after 3600

Change the login lockout duration

You can set the login lockout duration in seconds with the command:

rladmin tune cluster login_lockout_duration <login_lockout_duration>

For example, to set the lockout duration to 1 hour, run:

rladmin tune cluster login_lockout_duration 3600

If you set the lockout duration to 0, then the account can be unlocked only when an administrator changes the account’s password. In this case, the cluster settings show login_lockout_duration: admin-release.
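
To check a cluster's lockout settings against a baseline, the following added example (not part of the Redis documentation) audits the lines returned by rladmin info cluster | grep login_lockout. It assumes those lines have the form name: value with numeric values in the units that rladmin tune cluster accepts; the audit_lockout function name and the baseline limits are this example's own choices.

```shell
#!/bin/sh
# Added example: audit login lockout settings against a local baseline.
# Assumption: input is "name: value" lines, as in the special values the page
# quotes, with numeric values in the units `rladmin tune cluster` accepts.

# Baseline limits are this example's own policy choices, not Redis defaults.
MAX_THRESHOLD=10   # most failed attempts tolerated before lockout
MIN_RESET=300      # shortest acceptable counting window, in seconds
MIN_DURATION=900   # shortest acceptable lockout, in seconds

# Reads settings on stdin and prints one finding per line (nothing if clean).
audit_lockout() {
    awk -v maxt="$MAX_THRESHOLD" -v minr="$MIN_RESET" -v mind="$MIN_DURATION" '
    {
        gsub(/[ \t\r]/, "")            # drop padding around name and value
        if (split($0, kv, ":") < 2) next
        name = kv[1]; val = kv[2]; seen[name] = 1
        if (name == "login_lockout_threshold") {
            if (val == "disabled" || val == "0")
                print "FAIL " name ": account lockout is turned off"
            else if (val + 0 > maxt)
                print "WARN " name ": " val " attempts exceeds " maxt
        } else if (name == "login_lockout_counter_reset_after") {
            if (val + 0 < minr)
                print "WARN " name ": " val "s window is shorter than " minr "s"
        } else if (name == "login_lockout_duration") {
            if (val == "admin-release" || val == "0")
                print "INFO " name ": unlock requires an administrator password change"
            else if (val + 0 < mind)
                print "WARN " name ": " val "s lockout is shorter than " mind "s"
        }
    }
    END {
        n = split("login_lockout_threshold login_lockout_counter_reset_after login_lockout_duration", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) print "FAIL missing setting: " want[i]
    }'
}

# Constructed sample input (not captured from a real cluster).
SAMPLE='login_lockout_threshold: disabled
login_lockout_counter_reset_after: 60
login_lockout_duration: admin-release'

printf '%s\n' "$SAMPLE" | audit_lockout
# On a cluster node: rladmin info cluster | grep login_lockout | audit_lockout
```
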

Unlock locked user accounts

To unlock a user account or reset a user password with rladmin, run:

rladmin cluster reset_password <user email>

To unlock a user account or reset a user password with the REST API, use PUT /v1/users:

PUT https://[host][:port]/v1/users
    '{"password": "<new_password>"}'

Session timeout

The Redis Enterprise admin console supports session timeouts. By default, users are automatically logged out after 15 minutes of inactivity.

To customize the session timeout, run:

rladmin cluster config cm_session_timeout_minutes <number_of_min>

Here, <number_of_min> is the number of minutes of inactivity after which sessions time out.