[tac_plus] Auth Fail Lock

heasley heas at shrubbery.net
Tue Jan 10 22:31:33 UTC 2012


Tue, Jan 10, 2012 at 09:52:37PM +0000, Joe Moore:
> I have been happily running tac_plus F4.0.4.19 with the Auth Fail Lock patch for some time, on a pair of FreeBSD 7.x servers.
> 
> Upon upgrading one of those servers to FreeBSD 8.x, tac_plus stopped recognizing the "auth-fail-lock 4 120 600" parameter in my config file and refused to start.
> 
> Fresh builds of 4.0.4.19 (with the AFL patch) on a fresh FreeBSD 8.2 install also failed to start for the same reason.
> 
> Is the AFL feature now implemented differently, or am I going to have to switch to Linux to make this work? Going without AFL is not an option since I have to prove to a security auditor that we don't allow unlimited login attempts to routers etc...

That's not a feature of this tacacs; it's a DoS vector as far as I am concerned.
It must have been a fbsd ports patch.

>                                                 ...jgm