2012/12/2 Ramesh Kumar <[email protected]>: > I would say you made a good point her Henne. I thought about that, but As i > was using ssp in private network so did not bothered much. > > Thanks > Ramesh > > On Dec 2, 2012, at 10:27 PM, Henne Holly wrote: > >> Hi, >> >> I wonder if self-service-password logs if users try to change their >> passwords? It logs if a token is send by email, but I cannot see direct >> password changes. This would be very important, because people could do >> brute force attacks without being taken down.
Hi, there is a log if the change fails (wrong old password or bad quality new password). There is no log when password change succeed but this is not required to block brute force attacks. Logs are in Apache error log. Clément. _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
