http://bugzilla.novell.com/show_bug.cgi?id=550660
User jreidinger@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550660#c1
Josef Reidinger changed:
What          |Removed |Added
----------------------------------------------------------------------------
Status        |NEW     |NEEDINFO
CC            |        |jreidinger@novell.com
Info Provider |        |kkaempf@novell.com
--- Comment #1 from Josef Reidinger 2009-10-29 05:05:08 MDT ---
I have thought about it, and for me the simplest solution is to have a sleep
during failed login and a singleton counter, which counts failed login attempts,
and if the number is above a specified border, then disallow login. Because it
should allow a normal user to log in, it should be time limited. So the failed
attempts also have a last failed attempt, and if it is more than e.g. 10 minutes
ago, then clear the counter. Also, disallowing login should be only for a limited
time, e.g. 10 minutes.
So if we set the borders to 5 failed attempts and 10 minutes, then an attacker
could try 720 passwords per day, which is useless for a brute-force attack.
Klaus - what do you think? If you agree, I can implement it.
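The scheme proposed in comment #1, written out as an added Python example (not code from the bug report or from the project): a single shared counter, a sleep on each failed login, a 10-minute expiry for stale failures and a 10-minute lockout after 5 failures, plus a simulation of the 720-per-day figure. All names (`FailedLoginGuard`, `login`, `verify`, `guesses_per_day`) are hypothetical, and two details the comment leaves open are assumptions: the lockout starts at the fifth failure, and a successful login does not reset the counter.

```python
import time

class FailedLoginGuard:
    """One process-wide counter of failed logins (hypothetical names throughout)."""

    def __init__(self, max_failures=5, window=600, lockout=600, delay=1.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.delay, self.clock, self.sleep = delay, clock, sleep
        self.failures = 0          # failed attempts currently counted
        self.last_failure = None   # time of the most recent failure
        self.locked_until = None   # end of the current lockout, if any

    def locked(self):
        now = self.clock()
        if self.locked_until is not None:
            if now < self.locked_until:
                return True
            self.locked_until, self.failures = None, 0    # lockout has expired
        if self.last_failure is not None and now - self.last_failure > self.window:
            self.failures = 0                             # last failure is stale
        return False

    def login(self, verify):
        """verify() -> bool stands in for the real credential check."""
        if self.locked():
            return "locked"        # refused without checking the password
        if verify():
            return "ok"            # assumption: success leaves the counter alone
        self.failures += 1
        self.last_failure = self.clock()
        if self.failures >= self.max_failures:
            self.locked_until = self.last_failure + self.lockout
        self.sleep(self.delay)     # the sleep on every failed login
        return "failed"

def guesses_per_day(delay=0.0, day=86400):
    """Count password checks a nonstop guesser gets in one simulated day."""
    t = [0.0]                      # constructed fake clock, in seconds
    guard = FailedLoginGuard(delay=delay, clock=lambda: t[0],
                             sleep=lambda s: t.__setitem__(0, t[0] + s))
    guesses = 0
    while t[0] < day:
        if guard.login(lambda: False) == "locked":
            t[0] = guard.locked_until   # wait out the lockout
        else:
            guesses += 1
    return guesses

if __name__ == "__main__":
    print(guesses_per_day())       # 5 attempts per 10-minute lockout
```

Because the counter is shared, a "locked" result applies to every user until the lockout ends, which is the reason the comment keeps the lockout time limited.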