[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] possible denial of other users account (when pwdLockout=True)

To: jay alvarez <ldapb0y@yahoo.com>
Subject: Re: [ldapext] possible denial of other users account (when pwdLockout=True)
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 28 Mar 2006 09:24:48 +0200
Cc: Ldapext@ietf.org
In-reply-to: <20060328041843.60905.qmail@web38913.mail.mud.yahoo.com>
References: <20060328041843.60905.qmail@web38913.mail.mud.yahoo.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920

jay alvarez wrote:
> 
> when pwdLockout is set to True in ppolicy, then users
> my use other users "username" and provide an invalid
> password, login a couple of times until the account of
> that poor user is locked.. Any suggestion about this?

Many security people are not aware of this problem. In real life you
could lock down big companies with a small script if you know the user
IDs and such a "strict" password policy with infinite failure lock is in
effect.

I've argued so many times to let the server unlock the account
automatically after a short time (see pwdLockoutDuration). But people
does not seem to take this problem seriously enough.

Ciao, Michael.

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- [ldapext] possible denial of other users account (when pwdLockout=True)
  - From: jay alvarez <ldapb0y@yahoo.com>

Prev by Date: [ldapext] possible denial of other users account (when pwdLockout=True)
Index(es):
- Chronological
- Thread