[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] password policy: delayed failures
On Jul 1, 2010, at 3:28 AM, Jim Willeke wrote:
> Just a comment on our experiences with LDAP server delays on failed bind attempts.
>
> We have encountered issues with applications when there is a delay between failed attempts.
> When there is an delay, the application is left waiting for a response from the server.
>
> This was the case with Novell's eDirectory for many years, there was a fixed delay, and due to this condition, Novell added a feature to make the delay adjustable.
>
> If the delay is 3 seconds and five people in a row fail there password, the application can only handle 5 people in 15 seconds, which is an eternity in our context.
I noted this in my original comment and first followup, including providing two possible solutions. I favor adding an "authenticate" extended operation.
-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext