>>>>> On Tue, 11 Sep 2001 17:56:08 -0400,
>>>>> Christopher Wong <[EMAIL PROTECTED]> (cw) writes:
cw> Thanks. Does it slow down retries in the case of unsuccessful attempts?
What about other SASL methods? Do they slow down and/or lock out
repeated guessing attacks? Don't know. I imagine adding something
like this to saslauthd wouldn't be too difficult, but would that be
more of a task of imapd/popd?
cw> On the other hand, if forking is unlimited then a user might use
cw> saslauthd to guess numerous passwords in parallel. Consequently,
cw> slowing down retries may not be enough. Could you explain how saslauthd
cw> addresses these issues?
Well, they do have to connect in via imapd/popd first, right? I
believe there has already been a request put out to allow for
setting instance limits for the various services. Perhaps that
up-front upper limit would be sufficient.
--
Amos
