Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
- From: hyc@symas.com
- Date: Fri, 14 Aug 2015 14:38:56 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
subbarao@computer.org wrote:
> In the particular situation that's prompting this request, it's not just
> two or three values -- for one entry it was over 38000 values that had
> accumulated over time! (and generally high values for many other entries).
If you have entries with tens of thousands of Bind failures being recorded,
you have a security monitoring problem. The limit applied by the patch for
this ITS will only mask the problem. The fact that your security auditors
haven't already noticed these tens of thousands of Bind failures and stopped
them at their source means you've got a major vulnerability in your network
security.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
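
Added example, not part of the original message or of OpenLDAP's code: one way to surface the accumulation discussed above is to count pwdFailureTime values per entry in an LDIF export and report the entries at or above a threshold, with the time span of the failures. The sample LDIF, the DNs and the threshold are constructed for illustration, and base64-encoded DNs (`dn::`) are assumed not to occur.

```python
"""Flag entries whose pwdFailureTime values have piled up (added example)."""
from datetime import datetime, timezone

# Constructed sample LDIF, shaped like an export that includes operational attributes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdFailureTime: 20150810091500Z
pwdFailureTime: 20150812101500.123456Z

dn: uid=svc-backup,ou=people,dc=example,
 dc=com
pwdFailureTime: 20150801000000Z
pwdFailureTime: 20150801000500Z
pwdFailureTime: 20150802000000Z
pwdFailureTime: 20150814143000Z
"""

def unfold(text):
    """Undo LDIF line folding: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_time(value):
    """Parse a GeneralizedTime value in UTC ('Z'), with or without a fraction."""
    fmt = "%Y%m%d%H%M%S.%fZ" if "." in value else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def failure_report(ldif_text, threshold):
    """Return (dn, count, oldest, newest) for entries with >= threshold failures, worst first."""
    failures, dn = {}, None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
        elif line.lower().startswith("dn: "):
            dn = line[4:]
        elif dn and line.lower().startswith("pwdfailuretime: "):
            failures.setdefault(dn, []).append(parse_time(line.split(": ", 1)[1]))
    report = [(d, len(t), min(t), max(t)) for d, t in failures.items() if len(t) >= threshold]
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for dn, count, oldest, newest in failure_report(SAMPLE_LDIF, threshold=3):
        print(f"{count:6d} failures  {oldest:%Y-%m-%d} .. {newest:%Y-%m-%d}  {dn}")
```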