[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] possible denial of other users account (when pwdLockout=True)
jay alvarez wrote:
>
> when pwdLockout is set to True in ppolicy, then users
> my use other users "username" and provide an invalid
> password, login a couple of times until the account of
> that poor user is locked.. Any suggestion about this?
Many security people are not aware of this problem. In real life you
could lock down big companies with a small script if you know the user
IDs and such a "strict" password policy with infinite failure lock is in
effect.
I've argued so many times to let the server unlock the account
automatically after a short time (see pwdLockoutDuration). But people
does not seem to take this problem seriously enough.
Ciao, Michael.
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext