(RADIATOR) Locking out access after 3 failed password attempts

Hugh Irvine hugh at open.com.au
Wed Jun 6 16:40:18 CDT 2001


Hi Steve -

You could do what you describe fairly easily with a PostAuthHook that would 
handle authentication requests to check the failures and keep track of the 
number of attempts.

There are some example hooks in the file "goodies/hooks.txt" in the Radiator 
2.18.1 release.

BTW - I believe Oracle now has an LDAP interface, so you might consider that.

regards

Hugh

On Wednesday 06 June 2001 22:56, Felicetti, Stephen A. wrote:
> Thanks, Hugh....I understand what you mean. But I don't think I'll be able
> to pass *another* database over on management here. If I can it would most
> likely be Oracle, since we already have that implemented. We're trying to
> keep centric, by tying everything into LDAP.
>
> We have some sharp perl programmers here, would it be feasible to try
> something like I suggested?
>
> Thanks,
> Steve
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, June 05, 2001 8:14 PM
> To: Felicetti, Stephen A.; 'radiator at open.com.au'
> Subject: Re: (RADIATOR) Locking out access after 3 failed password
> attempts
>
>
>
> Hello Stephen -
>
> I would recommend that you use an SQL database and create something like a
> "RECENTATTEMPTS" table, and then use an AuthBy SQL clause to check the recent
> attempts before going on to your normal AuthBy LDAP.
>
> BTW - the latest version of Radiator is 2.18.1.
>
> regards
>
> Hugh
>
> On Tuesday 05 June 2001 23:32, Felicetti, Stephen A. wrote:
> > I'm running 2.16 on Sun, and have been for a while. VERY stable and no
> > problems.
> > I've now been asked to find a way to disable access for any user account,
> > if the password is entered incorrectly 3 times.
> > I'm using LDAP to hold the usernames/passwords, and attributes that
> > determine whether they are allowed to authenticate.
> >
> > I'd imagine that I would have to customize the code to do this.
> > Possibly like this...
> > check the logfile for failed attempts.
> > get the username
> > send LDAP modify string to LDAP server to disable access for that user.
> > Send email to admin.
> >
> > Am I on the right track here? Have any modules been added to the new
> > Radiator modules that can take care of this?
> > Has anyone else tried this with reliability?
> >
> > Thanks a lot for any suggestions!
> >
> > A very happy radiator user...
> > Steve
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Stephen A. Felicetti				Fox Chase Cancer Center
> > Sr. Network Engineer 				215-728-2956  (v)
> > Research Information Technology Facility	215-728-2513 (f)
> > sa_felicetti at fccc.edu
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
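
The "RECENTATTEMPTS" approach suggested in the thread, sketched as an added example that is not part of the original messages and is not Radiator configuration or hook code: a pre-auth check against a failures table, then a post-auth step that records the outcome. The table columns, the 15-minute window, the function names and the stand-in backend are all assumptions; only the table name and the threshold of 3 come from the thread.

```python
import sqlite3

MAX_FAILURES = 3          # threshold asked for in the thread
WINDOW_SECONDS = 15 * 60  # assumed look-back window; the thread does not give one

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS RECENTATTEMPTS ("
               "username TEXT NOT NULL, attempted_at INTEGER NOT NULL)")
    db.execute("CREATE INDEX IF NOT EXISTS idx_user_time "
               "ON RECENTATTEMPTS (username, attempted_at)")
    return db

def is_locked(db, username, now):
    """Pre-auth check: True if the user has MAX_FAILURES failures in the window."""
    (count,) = db.execute(
        "SELECT COUNT(*) FROM RECENTATTEMPTS "
        "WHERE username = ? AND attempted_at > ?",
        (username, now - WINDOW_SECONDS)).fetchone()
    return count >= MAX_FAILURES

def record_result(db, username, accepted, now):
    """Post-auth step: clear the counter on success, add a row on failure."""
    if accepted:
        db.execute("DELETE FROM RECENTATTEMPTS WHERE username = ?", (username,))
    else:
        db.execute("INSERT INTO RECENTATTEMPTS VALUES (?, ?)", (username, now))
    db.commit()

def authenticate(db, username, password, backend, now):
    """Refuse locked users before the real backend (LDAP in the thread) is asked."""
    if is_locked(db, username, now):
        return "REJECT-LOCKED"
    accepted = backend(username, password)
    record_result(db, username, accepted, now)
    return "ACCEPT" if accepted else "REJECT"

def demo():
    # Constructed sample: one user and a stand-in backend instead of LDAP.
    db = open_store()
    backend = lambda u, p: (u, p) == ("steve", "correct-horse")
    t = 1_000_000
    results = [authenticate(db, "steve", "wrong", backend, t + i) for i in range(3)]
    # The correct password is still refused while the lock is in force.
    results.append(authenticate(db, "steve", "correct-horse", backend, t + 10))
    # Once the window has passed, the old failures no longer count.
    results.append(authenticate(db, "steve", "correct-horse", backend,
                                t + WINDOW_SECONDS + 10))
    return results

if __name__ == "__main__":
    print(demo())
```

Because any client can generate failures for a known username, a lock of this kind can be used to deny service to legitimate users; a time-limited window, as assumed here, bounds that effect where a permanent disable would not.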

