Lock OpenShift user account after X failed login attempts

Solution Unverified - Updated -

Issue

For security purposes, it would be helpful to lock a user account, refusing any further logins for that user, after a number of failed login attempts. Otherwise, an attacker with access to the OpenShift API might be able to perform a brute-force attack by trying random combinations of passwords for a specific user until they get a match.

# Example brute force attack on user `user1` using `oc login`
$ oc login -u user1 -p <password1> <API_URL>
$ oc login -u user1 -p <password2> <API_URL>
$ oc login -u user1 -p <password3> <API_URL>
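The lockout behaviour the issue asks for, as an added example that is not Red Hat's or OpenShift's code: a sliding-window policy that counts failed logins per user, locks the account once MAX_FAILURES failures fall inside WINDOW_SECONDS, and keeps rejecting the account for LOCKOUT_SECONDS even when the correct password is presented. The thresholds, the event format and the sample attempt stream are all constructed for illustration.

```python
"""Account lockout after X failed logins (sliding window), illustrative only.

Not the OpenShift OAuth server's implementation; thresholds and the
login-attempt record format are assumptions made for this example.
"""
from collections import defaultdict, deque

MAX_FAILURES = 5        # failures allowed inside the window before locking
WINDOW_SECONDS = 300    # sliding window over which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked


class LockoutPolicy:
    def __init__(self, max_failures=MAX_FAILURES,
                 window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)   # user -> timestamps of recent failures
        self._locked_until = {}               # user -> time the lock expires

    def is_locked(self, user, now):
        until = self._locked_until.get(user)
        return until is not None and now < until

    def record(self, user, success, now):
        """Record one login attempt and return the decision.

        'locked'  - the account is locked; the credential was not evaluated,
                    so a correct guess during the lockout is not confirmed.
        'allowed' - credentials valid and account not locked; failures reset.
        'denied'  - credentials invalid, account not (yet) locked.
        """
        if self.is_locked(user, now):
            return "locked"
        if success:
            self._failures.pop(user, None)
            return "allowed"
        recent = self._failures[user]
        recent.append(now)
        # Drop failures that have aged out of the sliding window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            recent.clear()
            return "locked"
        return "denied"


# Constructed stream of (timestamp_seconds, user, credentials_valid).
SAMPLE_EVENTS = [
    (0, "user1", False),
    (10, "user1", False),
    (20, "user1", False),
    (30, "user1", False),
    (40, "user1", False),    # fifth failure inside the window -> locked until t=940
    (50, "user1", True),     # correct password during lockout is still rejected
    (60, "user2", True),     # another user is unaffected
    (1000, "user1", True),   # lockout expired -> allowed, failure count reset
]


def simulate(events, policy=None):
    """Replay login attempts through the policy and return the decisions."""
    policy = policy or LockoutPolicy()
    return [policy.record(user, ok, ts) for ts, user, ok in events]


if __name__ == "__main__":
    for (ts, user, ok), decision in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(f"t={ts:5d} {user:6s} valid={ok!s:5s} -> {decision}")
```

Two design points matter for the brute-force scenario above: a locked account returns "locked" before the password is checked, so the attacker cannot use the lockout period to confirm a correct guess, and the window is sliding, so slow guessing that stays below the threshold is not locked but remains visible as a steady stream of "denied" results worth alerting on. Any lockout scheme also lets an attacker who knows a username deliberately lock that user out, so the lockout duration should be chosen with that denial-of-service trade-off in mind.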

Environment

  • OpenShift Container Platform 4.x
