Hello,
Using Tomcat 8.0.22 on Linux CentOS 6.10:
Trying to setup Tomcat to authenticate users that use Basic
Auth.
I could (possibly) enter these users into the tomcat-users.xml
file but we are dealing with 1000 potential users.
What happens instead is (of course) the users fail to
authenticate and then subsequent attempts by the same user locks the user's
account.
11-Oct-2018 16:21:37.970 WARNING [http-nio-8088-exec-25]
org.apache.catalina.realm.LockOutRealm.authenticate An attempt was made to
authenticate the locked user "myuser"
This is 'normal' since after a failed attempt to log in, Tomcat
suspects a 'brute force attack' and locks the account.
I don't want to lose that security but (as mentioned above) I can't just enter
all users into the tomcat-users.xml file
So the basic question: How to do authentication of 1000 users that use Basic
Auth?
Thanks.
Tony
