[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: 'Max login attempts' variable/config?

> when there is no longer anything to take away.
>                -- Antoine de Saint-Exupery
> Date: 14 Dec 2000 14:36:16 +0100
> Message-ID: <87puiv5dm7.fsf@papadoc.bayour.com>
> Lines: 13
> User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> I'd like to limit the number of tries a user can enter the wrong
> password in one go...
> I'm currently running 'http://www.phenoelit.de/kold/' against my
> LDAP server (with a word list of 257k words)...
> I'd like to make this kind of attempts 'impossible' (or at least
> make it more difficult).
> Currently I've put a ipchains rule that makes it impossible to
> search the db from anywhere but our own SID block and put did
> some reasonable ACL rules, but ...

Sounds like you'd like to have this policy in the server.  However,
I think this is problematic as there may be good reasons to bind
to the server from various hosts within your organizations, and
perhaps from outside (eg. address books).  This sort of thing should
be implemented from the client, eg. the unix 'login' that exits after,
say, 3 tries.