> Better answer: No time difference because your system should lock any
> and all accesses out after no more than 3 missed authentication attempts
> and should alert your pager via the method of your choice if your
> threshold
> for failed attempts by bad user name is exceeded.
Doesn't this leave one vulnerable to a DOS attack? Or does the lock expire
after some not-unreasonable interval? Something to long to make even a scan
of a large number of users practical, but not too long to expect a user to
make himself or herself useful without logging on.
Greg Stigers
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *