Bruteforce Protection (without fail2ban)


A real cool security benefit would be a User Lockout // Bad Password Counter for Local Users.

An Admin can specify a policy that after a defined amount of Bad Password counts, a user will be blocked for a defined amount of time or even locked out permanently so admin action would be required.

An Admin configures 20pwd per user and a block time for 30minutes, so the user can login after that without admin action

The Problem with Fail2Ban is that most of Admins do not seperately install + configure things, so it would be a security benefit for a lot of people with less knowledge (we really have to protect them) and reduces the external dependencies


Totally agree with this feature.

There is already a feature request on github:


Thx for Info - That looks good!

Iā€™m looking forward to the next Nextcloud :slight_smile: