[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Proposition of overlay explockout

To: David Coutadeur <david.coutadeur@gmail.com>, openldap-technical@openldap.org
Subject: Re: Proposition of overlay explockout
From: Howard Chu <hyc@symas.com>
Date: Fri, 21 Sep 2018 14:14:20 +0100
In-reply-to: <5BA4B79D.7050401@gmail.com>
References: <CAL017hDXz4j6DQ2jMuRcZ8p31hwTvqWWFaZfB-EGSyC0_5HXoA@mail.gmail.com> <20180921104521.33f93893@pink.fritz.box> <5BA4B79D.7050401@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53

David Coutadeur wrote:
> 
> Hello,
> 
> I'd like to point out a new overlay that I wrote:
> https://github.com/davidcoutadeur/explockout
> 
> The aim is to require the user to wait for an exponential time before he can authenticate again, after some failed authentications.
> The overlay is quite simple: it relies on ppolicy for adding pwdFailureTime attribute and compute the time the user has to wait.
> 
> Maybe some of you can consider it useful.
> Please anyone feel free to give your opinion, comments or improvements.
> Also if OpenLDAP team is interested, I would be glad to have it incorporated in official OpenLDAP contrib modules.

We've often discussed using such a wait approach for password failures. Sounds useful.
> 
> David
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- A couple of questions regarding replication and user mapping
  - From: Karsten Heymann <karsten.heymann@gmail.com>
- Re: A couple of questions regarding replication and user mapping
  - From: Dieter Klünter <dieter@dkluenter.de>
- Proposition of overlay explockout
  - From: David Coutadeur <david.coutadeur@gmail.com>

Prev by Date: Proposition of overlay explockout
Next by Date: Re: How to make ldap evaluate clear text password vs DES stored password
Index(es):
- Chronological
- Thread