0

I have been looking at Red Hat's Directory server 9 (aka 389 directory server). One thing I was looking to find out was how account lockouts are handled if the same invalid password is repeated over and over (e.g. someone changed their password, but didn't update the email client on their "smart" phone which repeatedly hammers their account with the old password).

OpenLDAP counts each duplicate failure as an attempt, and locks users out. I was wondering how directory server 389 handled this. I didn't see any configuration options in the admin guide that suggested it was an option.

Thanks, Carl

Carl Waldbieser
  • 3
  • 1

1 Answers1

0

389 has no concept of a "duplicate" failed password attempt. The server does not cache the failed password needed to distinguish between a live brute force password cracking attempt and repeated authentication attempts using the same invalid password.

It may be possible through a plugin, but I have not seen such.

Andy
  • 1,111
  • 1
  • 7
  • 10