[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: pplolicy lockout grace time? - alternatives

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: RE: pplolicy lockout grace time? - alternatives
From: Chris Jacobs <Chris.Jacobs@apollo.edu>
Date: Wed, 21 May 2014 09:16:15 -0700
Accept-language: en-US
Acceptlanguage: en-US
Content-language: en-US
Thread-index: Ac91D/ye6cVa7TsMSmOXHJzn33pdjQ==
Thread-topic: pplolicy lockout grace time? - alternatives

> First of all, password lockout itself is a dumb idea, and we only implement it
> because it's part of the original ppolicy spec. The ppolicy spec is pathetically
> bad though.

What methods aren't dumb ideas that accomplish account unavailability on N password failures?

> --
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.

Follow-Ups:
- Re: pplolicy lockout grace time? - alternatives
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Datatype mapping for openldap
Next by Date: Re: Datatype mapping for openldap
Index(es):
- Chronological
- Thread