Remedy does have this option -- forgot which version it starts with --- I believe 7.0 you can set the number of bad password attempts.. it then sets a flag in the AD server on your account. and even if the account is unlocked in AD it is not unlocked in Remedy yet. To reset it you need to change the flag in AD on their account..
On Dec 6, 2007 4:51 PM, Durrant, Michael M. - ITSD <[EMAIL PROTECTED]> wrote: > ** Our security team posed this question to me earlier: > > What prevents someone from brute forcing a Remedy user account password? > > In response I said, "Uhhhh.... great question!" > > When using the builtin NTLM authentication (Cross Ref Blank Password in > Server Information -> External Authentication) in Remedy, AD prevents it by > locking out accounts after 3 unsuccessful login attempts. As far as I can > tell, Remedy does nothing in this regard for application accounts. Has > anyone else experienced this issue? > > Thanks! > > Michael > The information contained in this email may be privileged, confidential or > otherwise protected from disclosure. All persons are advised that they may > face penalties under state and federal law for sharing this information with > unauthorized individuals. If you received this email in error, please reply > to the sender that you have received this information in error. Also, > please delete this email after replying to the sender. > __20060125_______________________This posting was submitted with HTML in > it___ -- Patrick Zandi _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
