C. Bensend wrote: > > > No, there is not. Does anyone want to suggest a possible implementation > > for the TODO list? > > I would like to see a combination of number of login failures and a > timeout, configurable via the conf file. Say, X login failures > disables further logins for that account for Y minutes. > > That would be groovy. :) I would like to pick something that matches what a typical Unix system does because I think the _fancy_ solutions actually cause weird problems like denial-of-service attacks by just trying to log in. How do typical open source Unix's handle it? It think they slow down prompting for a password --- but as I remember we only allow one password attempt per connection so that is already covered. -- Bruce Momjian | http://candle.pha.pa.us pgman@xxxxxxxxxxxxxxxx | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
