[Pkg-auth-maintainers] Bug#705936: implement account lock-out after multiple login failures
Daniel Pocock
daniel at pocock.com.au
Mon Apr 22 13:48:40 UTC 2013
Package: dynalogin
Severity: wishlist
dynalogin stores a "failure_count" value for each account.
It is incremented each time a login fails and it is reset to zero when a
login succeeds
However, the code doesn't currently implement any check to deny logins
when the failure_count exceeds a threshold
It should be possible to define a configuration parameter:
dynalogin.max_failures=3
and if three subsequent login attempts are rejected, then no login is
permitted
The fix belongs in libdynalogin/dynalogin.c
More information about the Pkg-auth-maintainers
mailing list