[Pkg-auth-maintainers] Bug#705936: implement account lock-out after multiple login failures

Daniel Pocock daniel at pocock.com.au
Mon Apr 22 13:48:40 UTC 2013


Package: dynalogin
Severity: wishlist

dynalogin stores a "failure_count" value for each account.

It is incremented each time a login fails and it is reset to zero when a
login succeeds.

However, the code doesn't currently implement any check to deny logins
when the failure_count exceeds a threshold.

It should be possible to define a configuration parameter:

dynalogin.max_failures=3

and if three subsequent login attempts are rejected, then no login is
permitted.

The fix belongs in libdynalogin/dynalogin.c
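
An added example, not part of the original report and not dynalogin's own code: one way the requested threshold check could sit around the existing increment/reset logic. The struct, enum and function names are hypothetical, the string comparison stands in for the real credential check, and treating 0 as "lock-out disabled" is an assumption.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical account record; only failure_count is named in the report. */
struct account {
    const char *expected_code;  /* constructed stand-in for the real credential check */
    unsigned int failure_count;
};

enum auth_result { AUTH_OK, AUTH_DENIED, AUTH_LOCKED };

/* max_failures plays the role of dynalogin.max_failures.
 * Assumption: 0 means the lock-out is disabled. */
enum auth_result authenticate(struct account *a, const char *code,
                              unsigned int max_failures)
{
    /* Test the threshold before the credential: once locked, even the
     * correct code must not log in or reset the counter. */
    if (max_failures != 0 && a->failure_count >= max_failures)
        return AUTH_LOCKED;

    if (strcmp(code, a->expected_code) == 0) {
        a->failure_count = 0;           /* success clears earlier failures */
        return AUTH_OK;
    }

    if (a->failure_count < UINT_MAX)    /* saturate instead of wrapping to 0 */
        a->failure_count++;
    return AUTH_DENIED;
}

int main(void)
{
    struct account acct = { "123456", 0 };  /* constructed sample account */
    const char *attempts[] = { "000000", "111111", "222222", "123456" };
    static const char *names[] = { "ok", "denied", "locked" };

    for (size_t i = 0; i < sizeof attempts / sizeof attempts[0]; i++) {
        enum auth_result r = authenticate(&acct, attempts[i], 3);
        printf("attempt %zu: %s (failure_count=%u)\n",
               i + 1, names[r], acct.failure_count);
    }
    return 0;
}
```

With no reset path in this sketch, a locked account stays locked until failure_count is cleared out of band.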


