httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andre Schild" <A.Sch...@aarboard.ch>
Subject Antw: [users@httpd] mod_auth_ldap
Date Fri, 12 Dec 2003 21:56:20 GMT
Hello,

>We are using the following configuration:
>1. Apache 2.0.48
>2. /httpd-2.0.48/modules/experimental/mod_auth_ldap.c
>3. Authenticating against a Domino 5 ldap server

>2. If the authentication fails on the user's first try the second try will
>not work until 15 seconds have passed.

We use the ldap module with netware NDS and we see another
behaviour.
When a user has the correct password, then it is allowd in.
When the user gives a wrong password, the LDAP Server waits
5-10 seconds until it says NO. NDS does this to prevent brute force
attacks. (In addition to the the intruder detection logic)

I could think that the Domino server has this 15 sec. wait for the next try
to protect the account from brute force attacks.

André



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message