Lock OpenShift user account after X failed login attempts
Issue
For security purposes, it would be helpful to lock a user account and not allow any further logins to that user after a number of failed login attempts. Otherwise, an attacker with access to the OpenShift API might be able to perform a brute-force attack by trying random combinations of passwords for a specific user until they get a match.
# Example brute force attack on user `user1` using `oc login`
$ oc login -u user1 -p <password1> <API_URL>
$ oc login -u user1 -p <password2> <API_URL>
$ oc login -u user1 -p <password3> <API_URL>
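The repeated-failure pattern shown above can be detected from login audit events. The following is an added example, not part of the original article: it flags users with a streak of failed logins inside a time window. The annotation keys, the `allow`/`deny`/`error` decision values, the threshold and the window are assumptions to verify against your cluster's OAuth server audit logs; the sample events are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed shape of OAuth server audit events; confirm on your cluster.
USERNAME = "authentication.openshift.io/username"
DECISION = "authentication.openshift.io/decision"
FAILED = {"deny", "error"}
TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"

def flag_bruteforce(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {username: longest failure streak} for users with at least
    `threshold` failed logins inside `window`. A success resets the streak."""
    events = []
    for line in lines:
        try:
            ev = json.loads(line)
            ann = ev.get("annotations") or {}
            ts = datetime.strptime(ev["requestReceivedTimestamp"], TS_FMT)
        except (ValueError, KeyError, AttributeError):
            continue  # skip truncated, non-JSON or non-event lines
        user, decision = ann.get(USERNAME), ann.get(DECISION)
        if user and decision in FAILED | {"allow"}:
            events.append((ts, user, decision))
    streak = defaultdict(list)  # username -> timestamps of current failures
    flagged = {}
    for ts, user, decision in sorted(events):  # logs may arrive out of order
        fails = streak[user]
        if decision == "allow":
            fails.clear()
            continue
        fails.append(ts)
        while ts - fails[0] > window:  # drop failures older than the window
            fails.pop(0)
        if len(fails) >= threshold:
            flagged[user] = max(flagged.get(user, 0), len(fails))
    return flagged

def _ev(ts, user, decision):
    """Build one constructed audit event line for the sample below."""
    return json.dumps({"requestReceivedTimestamp": ts,
                       "annotations": {USERNAME: user, DECISION: decision}})

SAMPLE = [  # constructed events, not real log output
    _ev("2024-01-01T10:00:00.000000Z", "user1", "error"),
    _ev("2024-01-01T10:00:05.000000Z", "user1", "error"),
    _ev("2024-01-01T10:00:09.000000Z", "user1", "error"),
    _ev("2024-01-01T10:00:12.000000Z", "user1", "error"),
    _ev("2024-01-01T10:01:00.000000Z", "user2", "error"),
    _ev("2024-01-01T10:01:30.000000Z", "user2", "allow"),
    _ev("2024-01-01T10:02:00.000000Z", "user2", "error"),
    "not json",
]
```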
Environment
- OpenShift Container Platform 4.x