[Date Prev][Date Next]
RE: password policy enforcement
On Tue, 29 Feb 2000, Kurt D. Zeilenga wrote:
I understand that, I don't want it replicated. The problem is
when I've got something stored in the directory entry itself that has to
change to support this, then I need the replication. If you're
suggesting there's a way to do it without modifying the entry, that's what
would make the most sense.
# I would suggest that each count be local to a server and NOT
# This may sound odd, but it actually will minimize abuse. If
# you don't replicate the count, an attacker can get N*M attempts
# (N tries on M servers). However, if you replicate, you can
# get much more than this by trying N on M-1 slaves and then
# trying once on master to get another N on M-1 attempts...
# this can be repeated until the master count has been exceeded.
dustin sallings The world is watching America,
http://2852210114/~dustin/ and America is watching TV.