[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Server side delay for bad passwords?

To: Dan White <dwhite@olp.net>
Subject: Re: Server side delay for bad passwords?
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 7 Feb 2008 19:10:00 +0100
Cc: openldap-software@openldap.org
In-reply-to: <47AB42FD.9070305@olp.net>
References: <47AB42FD.9070305@olp.net>

Dan White writes:
> I'm planning on allowing public access to my OpenLDAP server for
> address book access. I'm only planning to allow authenticated
> access, both via simple binds and SASL binds, not anonymously.
> (...)
> But I'd like to enforce a server side delay of, for example, 5
> seconds.

Several seconds' delay?  Your users would murder you.  Except the ones
who didn't know LDAP already and just concluded that LDAP is crap.

> I understand that I could implement the password policy overlay
> to temporarily lockout an account once it's reached a certain
> number of bad password attempts, but I believe that only applies
> to simple (-x) binds. Is that correct?

Don't know, but the manpage doesn't mention "simple", only "bind".

-- 
Hallvard

Follow-Ups:
- Re: [JunkMail] Re: Server side delay for bad passwords?
  - From: Howard Chu <hyc@symas.com>
- Re: Server side delay for bad passwords?
  - From: Dan White <dwhite@olp.net>

References:
- Server side delay for bad passwords?
  - From: Dan White <dwhite@olp.net>

Prev by Date: Re: Filtering on meberUid vs cn
Next by Date: Re: [JunkMail] Re: Server side delay for bad passwords?
Index(es):
- Chronological
- Thread