https://bz.apache.org/bugzilla/show_bug.cgi?id=59708
--- Comment #1 from Mark Thomas <ma...@apache.org> --- Thanks for the report. To answer the question, the LockOutRealm currently treats any authentication attempt during the lock out period as a failure. This does mean that once an account is locked out, if the legitimate users attempts to login more frequently that the lockout period that user is never going to regain access. It does make sense to change this behaviour (and document it) so that valid logins do not extend the lockout period. I'll take a look at a patch. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
