On Thursday, September 25, 2003 at 3:04:41 PM you wrote (at least in
> is it possible that vchkpw locks an account after - let's say - 5
> password failures to prevent brute-force attacks?
No, it is not, unless somebody writes the necessary code that
- remembers count failed logins
- resets this count to zero when a successful login appears
- better remembers the time of last failed login too, so a
+ two times I failed yesterday and gave up
+ one time I had a typo in my password today (after I finally
does not necessarily count as three fails and locks the account.
So ... Florian: if you like and need this feature: UTSL, go ahead and
improve vpopmail ... The community will thank you :-)
Small change can often be found under seat cushions.