From owner-freebsd-security  Fri Nov 13 06:54:18 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA15114
          for freebsd-security-outgoing; Fri, 13 Nov 1998 06:54:18 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA15109
          for <freebsd-security@FreeBSD.ORG>; Fri, 13 Nov 1998 06:54:16 -0800 (PST)
          (envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.9.1/8.8.8) id GAA20045;
	Fri, 13 Nov 1998 06:53:25 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda20043; Fri Nov 13 06:53:16 1998
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.9.1/8.9.1) id GAA23842;
	Fri, 13 Nov 1998 06:53:15 -0800 (PST)
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
 via SMTP by passer.osg.gov.bc.ca, id smtpdN23840; Fri Nov 13 06:52:56 1998
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.9.1/8.9.1) id GAA15069;
	Fri, 13 Nov 1998 06:52:53 -0800 (PST)
Message-Id: <199811131452.GAA15069@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdd15065; Fri Nov 13 06:52:43 1998
X-Mailer: exmh version 2.0.2 2/24/98
Reply-to: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
X-Sender: cy
To: Robert Watson <robert+freebsd@cyrus.watson.org>
cc: oortiz@LCSI.COM, freebsd-security@FreeBSD.ORG
Subject: Re: Intruder Lockout 
In-reply-to: Your message of "Wed, 11 Nov 1998 15:29:35 EST."
             <Pine.BSF.3.96.981111152714.1143B-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 13 Nov 1998 06:52:40 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.3.96.981111152714.1143B-100000@fledge.watson.org>, 
Robert
Watson writes:
> 
> I have always found the lockout behavior of some operating systems a
> little upsetting; the opportunity for denying service is quite large,
> especially to the administrator.  On the other hand, the excluding the
> administrator from lockout behavior of NT doesn't seem desirable quite
> right either :).  Besides which, suppose someone enters the wrong password
> in the POP or IMAP mail reader -- it may retry the connection several
> times (if set to check mail often) before the user notices, and lockout
> can occur quickly in that kind of situation.
> 
> Probably the best solution is to enforce better passwords, or use of
> PK-based authentication.  Or one-time passwords.

How about Kerberos?  FreeBSD comes with Kerberos IV and there is a 
Kerberos V port in the ports collection.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Government of BC            




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message