Re: lock user account after 3 bad logins?
On Tue, 9 Mar 1999, Eliezer Figueroa wrote:
> how do I can specify how many times a user can write a bad password
> before the system disonect that account. And of course after the account
> is lock, how do I unlock it.
> Get Your Private, Free Email at http://www.hotmail.com
Sorry for the late reply, but I don't think you want this. This is
extremely vulnerable to denial-of-service attacks. By just knowing
somebody's username, you can block his/her account by trying to log in
a few times as him/her with the wrong password.
Remco
--
rd31-144: 4:00pm up 7 days, 22:24, 6 users, load average: 1.20, 1.30, 1.27
Reply to: