diff --git a/apps/authentication/backends/api.py b/apps/authentication/backends/api.py
index 63356eff6..9da3bbbc3 100644
--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@@ -8,7 +8,7 @@ from django.core.cache import cache
 from django.utils.translation import ugettext as _
 from six import text_type
 from django.contrib.auth import get_user_model
-from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.backends import ModelBackend as DJModelBackend
 from rest_framework import HTTP_HEADER_ENCODING
 from rest_framework import authentication, exceptions
 from common.auth import signature
@@ -25,6 +25,11 @@ def get_request_date_header(request):
     return date
 
 
+class ModelBackend(DJModelBackend):
+    def user_can_authenticate(self, user):
+        return user.is_valid
+
+
 class AccessKeyAuthentication(authentication.BaseAuthentication):
     """App使用Access key进行签名认证, 目前签名算法比较简单,
     app注册或者手动建立后,会生成 access_key_id 和 access_key_secret,
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 9fe5886c0..502146f13 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -120,7 +120,7 @@ LOGIN_CONFIRM_ENABLE = CONFIG.LOGIN_CONFIRM_ENABLE
 OTP_IN_RADIUS = CONFIG.OTP_IN_RADIUS
 
 
-AUTH_BACKEND_MODEL = 'django.contrib.auth.backends.ModelBackend'
+AUTH_BACKEND_MODEL = 'authentication.backends.api.ModelBackend'
 AUTH_BACKEND_PUBKEY = 'authentication.backends.pubkey.PublicKeyAuthBackend'
 AUTH_BACKEND_LDAP = 'authentication.backends.ldap.LDAPAuthorizationBackend'
 AUTH_BACKEND_OIDC_PASSWORD = 'jms_oidc_rp.backends.OIDCAuthPasswordBackend'