4 Jun
2009
4 Jun
'09
7:23 p.m.
On Thu, 2009-06-04 at 18:13 +0200, henry ritzlmayr wrote:
Question: Is there any way to close the connection after the first wrong user/pass combination. So an attacker would be forced to reopen it?
I think the growing delay is a better idea.
The Idea is good but I guess an option to just disconnect the attacker wouldn't hurt in the config file?
Yes, more settings in config file does hurt. There are way too many of them already. But passdb could perhaps return "disconnect" field if authentication failed..