Re: [389-users] Bind to consumer binds to provider as well

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >
> > In both A and B you could have a higher number of attempts than is
> actually allowed before the replicated failed login attempts gets written
> back to consumer where it will stop the user authenticating. There is a
> marginal potential for higher number of potential requests if you don't
> chain bind requests. However this would probably only be exposed if
> someone is trying to programmatically break the system as normal retry
> time on the console would take longer than the time it would take to
> replicate failed login attempts back.
> >
> > If the delay time between the consumer and the chaining backend is quite
> big then it makes authenticating against the chaining backend rather slow
> and takes away scalability in my opionion. Although you would need a very
> high number of bind requests before it becomes a problem. Latency is really
> the big issue here.
> >
> Are you using global password policy?
> >

Yes we are using the global password policy. The policy is enforced on the consumers to which the client authenticates but not on the providers which is firewalled off from any direct clients.

Regards


________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from 
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux