[tac_plus] Re: tac_plus AFL (Auth Fail Lock)
john heasley
heas at shrubbery.net
Fri Jun 27 17:11:59 UTC 2008
Mon, Jun 23, 2008 at 03:11:54PM -0400, Mark Ellzey Thomas:
> Greetings all,
>
> Recently we have had the need for tac_plus to temporarily disable user
> accounts based on the number of authentication failures the user has had
> in a defined window of time.
>
> Attached is a patch against F4.0.4.15 with the previously submitted
> acct+syslog patch (if this is a problem please inform me and I will
> patch against the base F4.0.4.15 tree).
>
> The following global configuration parameter has been added:
>
> auth-fail-lock $int1 $int2 $int3
>
> Where $int1 is the number of authentication failures
> Where $int2 is the window (in seconds) in which to watch for auth fails
> Where $int3 is the number of seconds to disable the user.
>
Does this (cursory glance) purposely not clear the blocked accounts on
HUP?
...
I wonder if it's just time to thread tac_plusd.
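
The lockout rule from the quoted announcement (`$int1` failures inside a `$int2`-second window lock the user for `$int3` seconds) and the reload question raised in the reply, as an added C sketch that is not taken from the patch or from tac_plus. The struct and function names are hypothetical, and clearing state on reload is modelled here as an explicit call, not as what the patch does.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define AFL_MAX 16 /* cap on tracked failures per user (assumption) */

/* $int1 $int2 $int3 from "auth-fail-lock $int1 $int2 $int3" */
struct afl_cfg { int max_fails; int window; int lock_secs; };

/* Hypothetical per-user state; the patch's own structures are not on the page. */
struct afl_user {
    time_t fails[AFL_MAX]; /* timestamps of failures still inside the window */
    int    count;
    time_t locked_until;   /* 0 = not locked */
};

int afl_is_locked(const struct afl_user *u, time_t now) {
    return u->locked_until != 0 && now < u->locked_until;
}

/* Record one failed login; returns 1 when this failure starts a lock. */
int afl_record_failure(struct afl_user *u, const struct afl_cfg *c, time_t now) {
    int limit = c->max_fails < AFL_MAX ? c->max_fails : AFL_MAX;
    int i, kept = 0;
    if (limit <= 0 || afl_is_locked(u, now))
        return 0;                  /* feature off, or already locked */
    for (i = 0; i < u->count; i++) /* age out failures older than the window */
        if (now - u->fails[i] < c->window)
            u->fails[kept++] = u->fails[i];
    u->fails[kept++] = now;
    u->count = kept;
    if (kept < limit)
        return 0;
    u->locked_until = now + c->lock_secs; /* threshold reached: start the lock */
    u->count = 0;
    return 1;
}

/* What "clear blocked accounts on HUP" would mean for one user's state. */
void afl_reset(struct afl_user *u) { memset(u, 0, sizeof *u); }

int main(void) {
    struct afl_cfg cfg = {3, 60, 300};     /* constructed sample values */
    time_t t[] = {1000, 1030, 1070, 1080}; /* constructed failure times */
    struct afl_user u;
    size_t i;
    afl_reset(&u);
    for (i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("t=%ld lock_started=%d\n", (long)t[i], afl_record_failure(&u, &cfg, t[i]));
    afl_reset(&u); /* simulated reload */
    printf("locked after reset: %d\n", afl_is_locked(&u, 1100));
    return 0;
}
```

If the lock table is not reset on reload, a lock outlives the configuration that created it until `$int3` seconds have passed.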