[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password policy - alternate lockout mechanism

To: Aravind Gottipati <aravind@freeshell.org>
Subject: Re: password policy - alternate lockout mechanism
From: Howard Chu <hyc@symas.com>
Date: Tue, 27 Jan 2009 09:28:01 -0800
Cc: openldap-software@openldap.org
In-reply-to: <a1348d630901261702h2bc88204o2b21b549e18e936a@mail.gmail.com>
References: <a1348d630901261702h2bc88204o2b21b549e18e936a@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9.1b3pre) Gecko/20090115 SeaMonkey/2.0a1pre Firefox/3.0.3

Aravind Gottipati wrote:

Hi,

The current password policy module can lock folks out after some
configurable number of failed attempts.  The module currently does not
differentiate between a user failing with the same wrong password a
bunch of times versus a crack attempt where someone tries multiple
different wrong passwords.  Are there any modules that take into
account if the same password is being used a bunch of times or if
multiple different passwords are failing?

No.

Could this be a useful
feature worth requesting (if it doesn't exist already)?

What makes you think a legitimate user who forgot their password won't try multiple times with different passwords? I.e., what makes you think you can distinguish a cracker from a legit user this way?

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: password policy - alternate lockout mechanism
  - From: Aravind Gottipati <aravind@freeshell.org>

References:
- password policy - alternate lockout mechanism
  - From: Aravind Gottipati <aravind@freeshell.org>

Prev by Date: LDAP Crash while replication
Next by Date: Re: password policy - alternate lockout mechanism
Index(es):
- Chronological
- Thread