The correct place to configure this is in PAM, where is can apply to any method of logging in.
For example, see: http://unix.stackexchange.com/questions/78182/how-to-lock-users-after-5-unsuccessful-login-tries ** Changed in: lightdm (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1628922 Title: Postpone login attempts if X have failed Status in lightdm package in Ubuntu: Won't Fix Bug description: ** This is a feature request that regards to security. ** Please add to the login method a mechanism that postpones successive login attempts if X attempts failed. Obviously this can be further enhanced - for example: If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes. If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes. And so on... Values of X and Y should be configured by the 'root' user. Benefits: greatly reduces the risk of brute-forcing the password. Scenarios that this can defend from: * If someone hacked a user in the system, then this prevents him to brute force the password for root. * A keyboard can be emulated via a physical connection while it tries to brute force the password. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1628922/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
