[Dovecot] SQL/LDAP Lockouts?

Ben Beuchler insyte at emt-p.org
Fri Dec 10 19:29:42 EET 2004


On Fri, Dec 10, 2004 at 08:56:03AM -0800, Dan Stromberg wrote:

> 1) If you get a good auth, you're in
> 2) If you get a bad auth, or the response takes more than n
> milliseconds/seconds, try the next password

Is there any reason to make tarpitting logic non-persistent?  It seems a
robust implementation would keep track of IPs that have failed logins.
Removing the record, of course, at the first successful login.

-Ben

-- 
Ben Beuchler                                           There is no spoon.
insyte at emt-p.org                                            -- The Matrix


More information about the dovecot mailing list