[horde] Authentication retries bad passwords 9 times
Michael M Slusarz
slusarz at horde.org
Wed Aug 2 08:32:55 PDT 2006
Quoting "Daniel A. Ramaley" <daniel.ramaley at DRAKE.EDU>:
> Recently an authentication problem has come to my attention. We have two
> servers with different versions of Horde and Imp installed. Both are
> configured to use Imp for authentication, and for Imp to authenticate
> against our imap server.
>
> The old server has Horde 2.1 and Imp 3.2.5. If a user mistypes their
> password, Imp connects to the server 3 times (each time trying the
> password once) before reporting that it could not log in.
>
> The new server has Horde 3.1.2 and Imp 4.1.2. If the user mistypes their
> password, Imp tries to connect 3 times, each time trying the password
> thrice for a total of 9 login attempts before it gives up.
> Unfortunately, that number is high enough that the imap server thinks
> it is under attack and it locks the account for 5 minutes.
>
> I looked for a switch to change this behavior so that Imp only attempts
> to log in once with a bad password, but did not see anything. Is there
> a setting or a patch to disable the multiple login attempts that i
> overlooked? If so, where can i find it? Is this an IMAP library
> problem? Would a different version of the libraries help?
I've added a configuration option ('login_tries') in servers.php in
IMP 4.1.3 that allows the admin to configure the number of times
imap_open() is called before IMP will give up.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list