Password Recovery

usermgr.passwordrecovery.enabled: Switch password recovery on or off.

Allowed values: true, false
usermgr.passwordrecovery.showstartpagelink: Password recovery link on the login page of the Administrator.

Allowed values: true or false
usermgr.passwordrecovery.baseurl: URL used to put into the password recovery mailing template.
usermgr.passwordrecovery.timeout: Defines the validity of a password recovery request in minutes. If the timeout value is exceeded the recovery request is invalidated and the user has to request another password recovery.

Default value: 1440 minutes (1 day)
usermgr.passwordrecovery.retentionPeriodMinutes: Defines the period in minutes after which unfinished password recovery requests are automatically deleted. Set this value to 0 to disable automatic deletion.

Default value: 43200 minutes (30 days)

Since version 4.23.0
usermgr.passwordrecovery.attemptDelayMillisPerIp: Defines the minimum time in milliseconds between two password recovery requests from the same IP address to prevent DoS attacks. If you set this value to 0 then this protection is disabled.

Default value: 60000 ms = 1 minute

Since version 4.23.0