[imp] Re: IMP Account Lockout Mechanism?
Edwin L. Culp
eculp at encontacto.net
Mon Apr 11 17:31:45 PDT 2005
Quoting Brian Clark <bclark at protocolmarketing.com>:
> Craig White wrote:
>
>> On Mon, 2005-04-11 at 16:15 -0500, Brian Clark wrote:
>>
>>> Hello,
>>>
>>> Back in 2003, someone asked if there was the ability to
>>> automatically lock out an account to prevent brute force login
>>> attacks. The answer back then was "no". Has anyone come up with
>>> something since then?
>>>
>>>
>> ----
>> It's not an issue for imp - it's an issue for your backend system - i.e.
>> your imap server if you are using imap account login (by far the most
>> prevalent use in imp)
>>
>> Craig
>>
>>
> OK. I have the ability to auth against either imap account login (via
> Courier-IMAP 3.0.8) or to OpenLDAP (2.1.x) directly. Anyone
> successfully implement account lockout features using either of these
> products?
I use both but have never needed to lock folks out. My life is simple,
I just add or remove them, don't have a gray area ;) It shouldn't be
too difficult to include it in one of the hooks, using horde auth and
ldap (_username_hook_frombackend comes to mind). Of course without
knowing the numbers of users, quantity of changes, etc. I couldn't
evaluate the efficiency of administering it. That is how I would
probably do it.

good luck,
ed
>
> Thanks,
> Brian!
>