Baenen Eric P Contr AFRL/HEC wrote:
The SUSE secure alternative of login delays (ours set to 20 seconds) quite effectively deters brute force attacks and logging of failed login attempts with notification gives us indications when "something isn't right" - but unfortunately we don't have a say in the matter.
Did 'management' say how *long* the lockout had to be? The 20 second delay could be characterized as a very brief "lockout". If they don't like that, then change the number to 20 minutes, or 20 years if they really insist. Better yet would be if the delay grew exponentially with each failure. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com