2 May
2024
2 May
'24
4:48 p.m.
auth_failure_delay = 2 secs ?
That will still simply wait before *rejecting* the login, compared to *dropping the connection*.
We are thus looking for three different behaviours:
If backend confrims auth, ACK auth + proceed (grant access) to email.
If backend confirm "no such user" or "invalid creds", wait for auth_failure_delay and then *reject* the login.
If the backend fails (ie, can neither confirm nor deny), simply drop the connection.
I hope this is more clear.
Yes that is more clear, but no idea (seems a little out of scope to support by design)