powered by Jive Software

Administrator account security

For the default profile configuration,

Is it possible to lock the administrator account after a certain number of invalid login attempts at the web admin console?

E.x. - If the administrator tries to login and fails 3 consecutive times then the account will be locked for 15 minutes?

If not, does Openfire record the number of invalid login attempts (for the default configuration) anywhere?


There is no such option. Personally i protect access to Admin Console with firewall.

Failed logins are stored in Warn log like this:

2009.05.14 22:18:51 Failed admin console login attempt by admin from


if your Administrator is still named “admin” then you may really want to change this.

With Linux and iptables you could limit the SYN packets sent to port 909x but this does not help when one tries to connect via XMPP ( port 5222).