
Re: [ldapext] possible denial of other users account (when pwdLockout=True)



jay alvarez wrote:
> 
> when pwdLockout is set to True in ppolicy, then users
> may use other users' "username" and provide an invalid
> password, log in a couple of times until the account of
> that poor user is locked.. Any suggestion about this?

Many security people are not aware of this problem. In real life you
could lock down big companies with a small script if you know the user
IDs and such a "strict" password policy with infinite failure lock is in
effect.

I've argued so many times to let the server unlock the account
automatically after a short time (see pwdLockoutDuration). But people
do not seem to take this problem seriously enough.

Ciao, Michael.

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
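
An added illustration, not part of the original message and not OpenLDAP's own code: a simplified Python model of the password policy draft's lockout rules, showing that pwdLockoutDuration = 0 keeps an account locked until an administrator resets it, while a short duration lets the account recover on its own. The attribute names are the draft's; the class names, function names and timestamps are constructed for the example.

```python
# Simplified model of the ppolicy lockout rules (added example, assumptions noted).
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Policy:
    pwdLockout: bool = True
    pwdMaxFailure: int = 3            # 0 = lockout not enforced
    pwdLockoutDuration: int = 0       # seconds; 0 = locked until admin reset
    pwdFailureCountInterval: int = 0  # seconds; 0 = failures never age out


@dataclass
class Account:
    pwdFailureTime: List[int] = field(default_factory=list)
    pwdAccountLockedTime: Optional[int] = None


def is_locked(acct, pol, now):
    if not pol.pwdLockout or acct.pwdAccountLockedTime is None:
        return False
    if pol.pwdLockoutDuration == 0:
        return True  # only an administrator can clear the lock
    return now < acct.pwdAccountLockedTime + pol.pwdLockoutDuration


def failed_bind(acct, pol, now):
    """Record one bad-password bind at time `now` (seconds)."""
    if is_locked(acct, pol, now):
        return
    if acct.pwdAccountLockedTime is not None:
        # A timed lock has expired: start over with a clean counter.
        acct.pwdAccountLockedTime = None
        acct.pwdFailureTime.clear()
    if pol.pwdFailureCountInterval:
        cutoff = now - pol.pwdFailureCountInterval
        acct.pwdFailureTime = [t for t in acct.pwdFailureTime if t > cutoff]
    acct.pwdFailureTime.append(now)
    if pol.pwdLockout and pol.pwdMaxFailure and len(acct.pwdFailureTime) >= pol.pwdMaxFailure:
        acct.pwdAccountLockedTime = now


def locked_after_failures(pol, failure_times, check_at):
    # Replay constructed failure timestamps, then report the lock state.
    acct = Account()
    for t in failure_times:
        failed_bind(acct, pol, t)
    return is_locked(acct, pol, check_at)
```

Setting pwdFailureCountInterval as well makes widely spaced failures age out of the counter, so occasional typos do not add up to a lock.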