
Re: Server side delay for bad passwords?

Dan White writes:
> I'm planning on allowing public access to my OpenLDAP server for
> address book access. I'm only planning to allow authenticated
> access, both via simple binds and SASL binds, not anonymously.
> (...)
> But I'd like to enforce a server side delay of, for example, 5
> seconds.

Several seconds' delay?  Your users would murder you.  Except the ones
who didn't know LDAP already and just concluded that LDAP is crap.

> I understand that I could implement the password policy overlay
> to temporarily lock out an account once it's reached a certain
> number of bad password attempts, but I believe that only applies
> to simple (-x) binds. Is that correct?

Don't know, but the manpage doesn't mention "simple", only "bind".
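
The lockout approach mentioned above, sketched as a slapo-ppolicy configuration. This is an added example, not part of the original message. The suffix dc=example,dc=com, the policy DN, the database index {1}mdb and all numeric values are assumptions. It does not settle whether the failure counters also apply to SASL binds, which the thread leaves open.

```ldif
# Constructed example. Assumes the ppolicy module is already loaded
# (olcModuleLoad: ppolicy) and, on OpenLDAP 2.4, that the ppolicy schema
# has been added to cn=schema,cn=config.

# 1. Attach the overlay to the database holding the user entries.
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
# Policy applied to entries that have no pwdPolicySubentry of their own.
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
# FALSE (the default): a bind to a locked account gets plain
# InvalidCredentials, so a client cannot tell "locked" from "wrong password".
olcPPolicyUseLockout: FALSE

# 2. The default policy entry itself.
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: organizationalRole
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
# Lock the account once pwdMaxFailure consecutive bind failures are recorded.
pwdLockout: TRUE
pwdMaxFailure: 5
# Forget recorded failures after 300 seconds without a successful bind.
pwdFailureCountInterval: 300
# Unlock automatically after 900 seconds; 0 would require an administrator
# to unlock the account.
pwdLockoutDuration: 900
```

A temporary lockout of this kind lets anyone who knows a user's DN lock that user out by sending bad passwords, so pwdMaxFailure and pwdLockoutDuration need to be chosen with that in mind on a publicly reachable server.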