Date: Fri, 13 Nov 1998 06:52:40 -0800 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: oortiz@LCSI.COM, freebsd-security@FreeBSD.ORG Subject: Re: Intruder Lockout Message-ID: <199811131452.GAA15069@cwsys.cwsent.com> In-Reply-To: Your message of "Wed, 11 Nov 1998 15:29:35 EST." <Pine.BSF.3.96.981111152714.1143B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.96.981111152714.1143B-100000@fledge.watson.org>, Robert Watson writes: > > I have always found the lockout behavior of some operating systems a > little upsetting; the opportunity for denying service is quite large, > especially to the administrator. On the other hand, the excluding the > administrator from lockout behavior of NT doesn't seem desirable quite > right either :). Besides which, suppose someone enters the wrong password > in the POP or IMAP mail reader -- it may retry the connection several > times (if set to check mail often) before the user notices, and lockout > can occur quickly in that kind of situation. > > Probably the best solution is to enforce better passwords, or use of > PK-based authentication. Or one-time passwords. How about Kerberos? FreeBSD comes with Kerberos IV and there is a Kerberos V port in the ports collection. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: cschuber@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Government of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811131452.GAA15069>