Posted by cloakedcode on May 20, 2011 at 9:21pm
User knock emulates "port knocking" by disabling the superuser (uid 1) account when they log out. In order to log into the account, a "secret knock" must first happen. This knock is provided in Configuration -> User knock as a URL with a generated key. Once that URL has been visited, the superuser account is activated and login proceeds as normal.
This reduces the chances of the superuser's password being bruteforced, as the account is disabled until the knock.