If I know your login, then I, via a script or program, could keep trying 
passwords until I successfully logged in.  This can be BAD!  That is why 
most OSes will lock an account based on failed login attempts.

The JR.p parameters that control when an account is locked out, based on 
failed attempts, are:
# 3 logon strikes per 300 seconds and you're out
services.JetspeedSecurity.logon.strike.count=3
services.JetspeedSecurity.logon.strike.interval=300
# don't allow more than 10 over any time period
services.JetspeedSecurity.logon.strike.max=10

Paul Spencer
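The following is an added example, not code from the Jetspeed project or from either poster. It models the three strike parameters above as a sliding-window policy so both sides of the thread can be checked concretely: three failures inside any 300-second window lock the account, and ten failures over all time lock it regardless of spacing. The semantics (window pruning, a success clearing the window, the user names and passwords) are assumptions for illustration, not a transcription of JetspeedSecurity's implementation.

```python
"""Model of a failed-login strike policy (added example, not Jetspeed code)."""
from collections import deque

# Values taken from the JR.p snippet in the message above.
STRIKE_COUNT = 3        # failures inside one interval that lock the account
STRIKE_INTERVAL = 300   # seconds
STRIKE_MAX = 10         # lifetime failures after which the account locks anyway


class StrikeTracker:
    """Tracks failed logins per user name and decides when to lock.

    Assumed semantics (a reading of the three parameters, not Jetspeed's
    actual code): lock when STRIKE_COUNT failures fall inside any sliding
    STRIKE_INTERVAL-second window, or when STRIKE_MAX failures accumulate.
    """

    def __init__(self, count=STRIKE_COUNT, interval=STRIKE_INTERVAL,
                 maximum=STRIKE_MAX):
        self.count = count
        self.interval = interval
        self.maximum = maximum
        self._recent = {}   # user -> deque of failure timestamps (seconds)
        self._total = {}    # user -> failures ever recorded
        self._locked = set()

    def is_locked(self, user):
        return user in self._locked

    def record_failure(self, user, now):
        """Register one failed attempt at time `now`; return True if locked."""
        window = self._recent.setdefault(user, deque())
        window.append(now)
        # Drop strikes that have aged out of the sliding interval.
        while window and window[0] <= now - self.interval:
            window.popleft()
        self._total[user] = self._total.get(user, 0) + 1
        if len(window) >= self.count or self._total[user] >= self.maximum:
            self._locked.add(user)
        return self.is_locked(user)

    def attempt(self, user, password, now, real_password):
        """Simulate one login; return 'locked', 'ok' or 'bad'."""
        if self.is_locked(user):
            return "locked"          # even the right password is refused
        if password == real_password:
            self._recent.pop(user, None)   # success clears the window (assumption)
            return "ok"
        self.record_failure(user, now)
        return "locked" if self.is_locked(user) else "bad"


def lockout_by_stranger():
    """Glenn's objection: anyone who knows the login name can lock it out.

    A third party makes three wrong guesses; the real user then tries the
    correct password ("s3cret", a constructed value) and is refused.
    """
    t = StrikeTracker()
    for i in range(3):
        t.attempt("alice", "not-her-password", now=i, real_password="s3cret")
    return t.attempt("alice", "s3cret", now=10, real_password="s3cret")


def slow_guessing_hits_max():
    """Why strike.max exists: guesses 200 s apart keep every 300 s window at
    two strikes, below strike.count, but the tenth failure trips strike.max.
    Returns (strikes in the window, lifetime total) at the moment of lockout.
    """
    t = StrikeTracker()
    for i in range(10):
        if t.record_failure("bob", now=200 * i):
            return len(t._recent["bob"]), t._total["bob"]
    return None


if __name__ == "__main__":
    print("real user after a stranger's 3 bad guesses:", lockout_by_stranger())
    print("(window strikes, total) when slow guessing locks:", slow_guessing_hits_max())
```

Running it shows both claims in the thread at once: the lockout does stop a fast password-guessing script, and it also lets anyone who knows a login name deny that user access with three wrong guesses.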

Glenn Golden wrote:

> We have this clever feature that if there are some number of unsuccessful
> login attempts over a time period, we disable the account.
> 
> This is a VERY BAD FEATURE!  With a feature like this, if I know your login
> id, I can quickly disable your account.
> 
> I suggest we remove it.  Call for a vote.
> 
> - Glenn
>  
> --------------------------------------------
> Glenn R. Golden, Systems Research Programmer
> University of Michigan School of Information
> [EMAIL PROTECTED]               734-615-1419
> --------------------------------------------
> 



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>