Re: 'Max login attempts' variable/config?



> when there is no longer anything to take away.
>                -- Antoine de Saint-Exupery
> 
> Date: 14 Dec 2000 14:36:16 +0100
> Message-ID: <87puiv5dm7.fsf@papadoc.bayour.com>
> 
> I'd like to limit the number of tries a user can enter the wrong
> password in one go...
> 
> I'm currently running 'http://www.phenoelit.de/kold/' against my
> LDAP server (with a word list of 257k words)...
> 
> I'd like to make this kind of attempt 'impossible' (or at least
> make it more difficult).
> 
> Currently I've put an ipchains rule that makes it impossible to
> search the db from anywhere but our own SID block and put in
> some reasonable ACL rules, but ...
> 
> 

Sounds like you'd like to have this policy in the server.  However,
I think this is problematic as there may be good reasons to bind
to the server from various hosts within your organizations, and
perhaps from outside (e.g. address books).  This sort of thing should
be implemented from the client, e.g. the unix 'login' that exits after,
say, 3 tries.

Randy