[imp] wrong password delay
Syahrul Sazli Shaharir
sazli at surfopen.com
Mon Mar 17 13:21:46 PST 2003
On Sun, 16 Mar 2003, jkpsj wrote:
> setup: horde 2.2.1, imp 3.2, courier, qmail-ldap, rh7.2
>
> everything is working fine EXCEPT when i typed in a wrong password at
> the login screen, it took ages to spit out the wrong password message.
>
> how could i speed this up ?
This delay occurs in two places:-
1. courier-imap: 5-second delay for each failed login. See:-
http://inter7.com/courierimap/authlib.html
Search for 'sleep'. You need to reduce the last parameter for
authmoduser() in imap/imaplogin.c (or poplogin.c if you use POP3).
2. cclient: 3 attempts before giving up. See:-
http://www.washington.edu/imap/documentation/internal.txt.html
Search for 'MAXLOGINTRIALS'. Probably an easiest hack is to reduce
'#define MAXLOGINTRIALS 3' in src/c-client/imap4r1.h. You might need to
recompile php.
My suggestions are untested (i.e. try it yourself).. and personally I
wouldn't reduce the delay too much, to discourage brute force login
attempts.
Hope it helps.
--sazli
cd /open/source; make world
http://pgp.mit.edu:11371/pks/lookup?search=0x382141B4&op=index
More information about the imp
mailing list