David Coutadeur wrote: > > Hello, > > I'd like to point out a new overlay that I wrote: > https://github.com/davidcoutadeur/explockout > > The aim is to require the user to wait for an exponential time before he can > authenticate again, after some failed authentications. > The overlay is quite simple: it relies on ppolicy for adding pwdFailureTime > attribute and compute the time the user has to wait. > > Maybe some of you can consider it useful. > Please anyone feel free to give your opinion, comments or improvements. > Also if OpenLDAP team is interested, I would be glad to have it incorporated > in official OpenLDAP contrib modules.
We've often discussed using such a wait approach for password failures. Sounds useful. > > David > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
