On Mon, 29 Nov 2010 05:27:56 -0600, John McKown wrote: > >What gets me on this is that, in the recent past, some people at work >were wanting an "automatic resume" of any RACF id which got too many >password violations after some interval - like 10 minutes. So try "n" >times, wait "m" minutes, rinse and repeat. Luckily this was killed. > The proposal isn't totally unreasonable in that it multiplies the time required for a brute force attack by a few orders of magnitude. I knew a product which imposed an escalating lockout time before retry for each unsuccessful attempt.
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html