Support Questions

sriramhadoop27 · ‎05-22-2018

Hi,

Is there any configuration in Zeeplin which disables a user login after multiple unsuccessful login attempts?

If yes, could you please provide me the same

Thanks for your time and effort

umair_khan · ‎05-22-2018

There is no configuration in Zeppelin to disable user login on excessive attempts.

However, Zeppelin uses Apache Shiro for authentication which has un-handled exception catch for ExcessiveAttemptsException. You will need to implement and deploy on your own.

https://shiro.apache.org/authentication.html#Authentication-Step3%3AHandlingSuccessorFailure

http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-td4534742.html

VR46 · ‎05-22-2018

Hello @Sriram,

Zeppelin can not (& should not) disable user login upon multiple unsuccessful attempts. It is the duty of underlying authentication service (AD or LDAP) to do so. Organizations usually define this in login policy (like password policy, account lockout policy etc.) at the authentication service. Zeppelin, like any other service, just reacts to these policies.

Hope this helps!

sriramhadoop27 · ‎05-23-2018

@Vipin, @Umair Khan Thanks for your time and kind help.

Support Questions

Block user after multiple unsuccessful login attempts to Zeeplin UI.