Re: Newbie question: setting userPassword field
At 10:20 PM 2/7/00 -0500, Earl Robinson wrote:
>While we're on the topic of passwords and security, is there a way to
>get openldap to lock an account when someone has failed to authenticate
>x times in a row? If so, how would you unlock, and can it just lock for
>a specified period of time? From a security standpoint, this is an
>essential feature, otherwise, you are wide open to brute-force password
>attacks.
OpenLDAP 1.x does not support password policies. I suggest
use of SSHA (and well chosen passwords) to reduce the
feasibility of brute-force and dictionary password attacks.