[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
From: hyc@symas.com
Date: Fri, 14 Aug 2015 14:38:56 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

subbarao@computer.org wrote:
> In the particular situation that's prompting this request, it's not just
> two or three values -- for one entry it was over 38000 values that had
> accumulated over time! (and generally high values for many other entries).

If you have entries with tens of thousands of Bind failures being recorded, 
you have a security monitoring problem. The limit applied by the patch for 
this ITS will only mask the problem. The fact that your security auditors 
haven't already noticed these tens of thousands of Bind failures and stopped 
them at their source means you've got a major vulnerability in your network 
security.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
Next by Date: Re: (ITS#8133) segfault at startup with memberof+dds
Index(es):
- Chronological
- Thread