Hi. On my installation it seems the default values for the global password policy includes the following:
$ ipa pwpolicy-show Group: global_policy … Max failures: 6 Failure reset interval: 60 Lockout duration: 600 Does anyone actually employ this max. failures/lockout functionality (i.e. not disable it)? Maybe you have found more useful values than the above defaults? If you do use the above functionality, don't you find your users getting DoS'd by script-kiddie brute-force password cracking attempts? On the face of it, I can see what these parameters are attempting to achieve, but in the real world they do so at the expense of locking legitimate users out of their accounts. So I'm just wondering how people deal with that. Cheers, b. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
