From owner-freebsd-security  Fri Nov 13 08:36:17 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA28879
          for freebsd-security-outgoing; Fri, 13 Nov 1998 08:36:17 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hosting.doublesquare.com (hosting.doublesquare.com [195.5.128.151])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA28658
          for <freebsd-security@FreeBSD.ORG>; Fri, 13 Nov 1998 08:35:52 -0800 (PST)
          (envelope-from ark@eltex.ru)
From: ark@eltex.ru
Received: from eltex.ru (eltex-spiiras.nw.ru [195.19.204.46] (may be forged))
	by hosting.doublesquare.com (8.8.8/8.8.8) with ESMTP id TAA04176; Fri, 13 Nov 1998 19:34:03 +0300 (MSK)
Received: from border.eltex.spb.ru (root@border.eltex.ru [195.19.198.2])
	by eltex.ru (8.8.8/8.8.8) with SMTP id TAA00239; Fri, 13 Nov 1998 19:33:56 +0300 (MSK)
Received: by border.eltex.spb.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Fri, 13 Nov 1998 19:33:28 +0300
Received: from undisclosed-intranet-sender id xma008006; Fri, 13 Nov 98 19:33:07 +0300
Date: Fri, 13 Nov 1998 19:38:08 +0300
Message-Id: <199811131638.TAA14441@paranoid.eltex.spb.ru>
In-Reply-To: <199811131452.GAA15069@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Intruder Lockout 
To: cschuber@uumail.gov.bc.ca
Cc: robert+freebsd@cyrus.watson.org, oortiz@LCSI.COM,
        freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Kerberos is a big problem itself: you have to kerberize _everything_
that is even harder than SSLeay'ing it..

Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> said :

> > in the POP or IMAP mail reader -- it may retry the connection several
> > times (if set to check mail often) before the user notices, and lockout
> > can occur quickly in that kind of situation.
> > 
> > Probably the best solution is to enforce better passwords, or use of
> > PK-based authentication.  Or one-time passwords.
> 
> How about Kerberos?  FreeBSD comes with Kerberos IV and there is a 
> Kerberos V port in the ports collection.
> with "unsubscribe freebsd-security" in the body of the message
> 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNkxgbKH/mIJW9LeBAQGk1wP/TcSWp7VSm3uMKVjEYBbZANB53vPveEPZ
tKqa8nKmrAM4HwV5oOjg22yGSrZuv3ZIF+T+eEu+/ASEy0qRtvKs23WDEycXokOA
76HUvZGwf8zhSWTLia9+1JRlYyKKfZKJ5exY8HN6ldOJyjIBCsWWFISl2a8zAMhL
8IE1bJsVEUA=
=VoKE
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message