Re: how to _delay_ failed authentication

2001-04-25 Thread Markus Stumpf
On Wed, Apr 25, 2001 at 03:36:28PM +0200, Karsten W. Rohrbach wrote: oh yes it is in control of at least the process it calls directly (qmail-popup) which terminates nonzero on auth error Yeah, it exits nonzero at auth error and it exists nonzero in any other case. See my post (to qmail list)

Re: how to _delay_ failed authentication

2001-04-25 Thread Scott Gifford
Kittiwat Manosuthi [EMAIL PROTECTED] writes: Anybody know how to delay failed authentication attempts to prevent brute force pwd cracking on POP3 server using qmail vpopmail? You might be able to do this via PAM, if you have a checkpassword that supports PAM (available from www.qmail.org):

Re: how to _delay_ failed authentication

2001-04-25 Thread Markus Stumpf
On Wed, Apr 25, 2001 at 03:12:31AM +0200, Karsten W. Rohrbach wrote: maybe add it to tcpserver? tcpserver ist not in control of checkpassword and has no knowledge of corrrect/incorrect user:password pairs. The solution I would like most (and which would be rather flexible and also working with

Re: how to _delay_ failed authentication

2001-04-25 Thread Karsten W. Rohrbach
Markus Stumpf([EMAIL PROTECTED])@2001.04.25 14:38:38 +: On Wed, Apr 25, 2001 at 03:12:31AM +0200, Karsten W. Rohrbach wrote: maybe add it to tcpserver? tcpserver ist not in control of checkpassword and has no knowledge of corrrect/incorrect user:password pairs. oh yes it is in control

Re: how to _delay_ failed authentication

2001-04-24 Thread Peter van Dijk
On Tue, Apr 24, 2001 at 11:48:09AM +0700, Kittiwat Manosuthi wrote: Anybody know how to delay failed authentication attempts to prevent brute force pwd cracking on POP3 server using qmail vpopmail? That is completely useless, because of concurrency. Greetz, Peter.

Re: how to _delay_ failed authentication

2001-04-24 Thread Markus Stumpf
On Tue, Apr 24, 2001 at 11:48:09AM +0700, Kittiwat Manosuthi wrote: Anybody know how to delay failed authentication attempts to prevent brute force pwd cracking on POP3 server using qmail vpopmail? IMHO not out of the box. But you surely could construct something in checkpassword that uses a

Re: how to _delay_ failed authentication

2001-04-24 Thread Karsten W. Rohrbach
Markus Stumpf([EMAIL PROTECTED])@2001.04.24 19:47:37 +: On Tue, Apr 24, 2001 at 11:48:09AM +0700, Kittiwat Manosuthi wrote: Anybody know how to delay failed authentication attempts to prevent brute force pwd cracking on POP3 server using qmail vpopmail? IMHO not out of the box. But

Re: how to _delay_ failed authentication

2001-04-24 Thread Kittiwat Manosuthi
Well.. that's probably the way to go. Unfortunately, it's getting out of my league now. Anyone think this is an interesting thing to do? -Kittiwat From: Karsten W. Rohrbach [EMAIL PROTECTED] Markus Stumpf([EMAIL PROTECTED])@2001.04.24 19:47:37 +: On Tue, Apr 24, 2001 at 11:48:09AM

how to _delay_ failed authentication

2001-04-23 Thread Kittiwat Manosuthi
Anybody know how to delay failed authentication attempts to prevent brute force pwd cracking on POP3 server using qmail vpopmail? Sorry for cross posting. Thanks -kittiwat