15 Sep
2018
15 Sep
'18
12:59 p.m.
On 15 September 2018 at 12:32 Peter Mogensen <apm@one.com> wrote:
On 09/15/2018 10:41 AM, Aki Tuomi wrote:
Point of sending the success ones is to maintain whitelist as well as blacklist so you know which ones you should not tarpit anymore. We know it does scale as we have very large deployments using the whole three request per login model.
"Success" in a proxy which is not it self authenticating is only whether it know where to proxy the requested username to. I'm not sure whether this would be input to a whitelist.
I'm not doubting that 3 req/login scales.
/Peter
This is rather uncommon use-case. Most cases authentication occurs on proxy and is forwarded using, say, master password on to the backend.
Aki