2023-01-17 23:12:16 +00:00
---
layout: docs
page_title: User Lockout
description: >-
If a user provides bad credentials several times in quick succession,
Vault will stop trying to validate their credentials for a while, instead
returning immediately with a permission denied error.
---
# User Lockout
@include 'user-lockout.mdx'
## Precendence
The precedence for user lockout configuration is as follows:
Configuration for an auth mount using tune >> Configuration for an auth method in config file >>
Configuration for "all" auth methods in config file >> Default values.
The precedence for user lockout disable is as follows:
Disable using environment variable VAULT_DISABLE_USER_LOCKOUT >>
Configuration for an auth mount using tune >> Configuration for an auth method in config file >>
Configuration for "all" auth methods in config file >> Default values.
## Configuration
User lockout parameters can be configured using config file for "all" auth methods or a specific auth method (userpass, ldap, or approle).
2023-01-26 00:12:15 +00:00
Please see [user lockout configuration](/vault/docs/configuration/user-lockout#user_lockout-stanza) for more details.
2023-01-17 23:12:16 +00:00
2023-01-26 00:12:15 +00:00
The user lockout configuration for the auth method at a given path can be tuned using auth tune. Please see [auth tune command](/vault/docs/commands/auth/tune)
or [auth tune api](/vault/api-docs/system/auth#tune-auth-method) for more details.
2023-01-17 23:12:16 +00:00
## API
2023-01-26 00:12:15 +00:00
Please see [sys/locked-users API](/vault/api-docs/system/user-lockout) for more details.
