(RADIATOR) Disabling accounts after too many failed login attempts
Frank Danielson
fdanielson at csky.com
Fri Feb 25 15:13:30 CST 2005
I'd be tempted to use AuthLogSQL to log bad access attempts with the
username, fail flag, and timestamp. Then you could use an AuthBySQL as the
first authorization clause to check for x number of failed logins in the
last y seconds. Of course you'll need to run a batch job every so often to
trim entries in the table that are more than y seconds old to keep it at a
manageable size.
Something like this might do it (the DB connection values, x and y are left for you to fill in):

<AuthLog SQL>
	Identifier badauths
	DBSource
	DBUsername
	DBAuth
	Table AUTHLOG
	# %u is the user name, %t the current time in seconds since the epoch
	FailureQuery INSERT INTO AUTHLOG(username,authtime,failed) \
		VALUES('%u',%t,1)
</AuthLog>

<Handler>
	AuthByPolicy ContinueUntilReject
	AuthLog badauths
	<AuthBy SQL>
		DBSource
		DBUsername
		DBAuth
		# Returns a row only when the user has x or more failures in the last y seconds
		AuthSelect SELECT NULL, SUM(failed) AS badlogins \
			FROM AUTHLOG \
			WHERE authtime >= (%t - y) AND username='%u' \
			HAVING badlogins >= x
	</AuthBy>
	<AuthBy Something>
		Your regular authby stuff
	</AuthBy>
</Handler>
Frank Danielson
Infrastructure Architect
ClearSky Mobile Media
56 E. Pine St.
Orlando, FL 32801
USA
fdanielson at csky.com
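To see the sliding-window logic of the sketch above end to end, here is an added example (not from the thread or from Radiator) that models the AUTHLOG table in SQLite: the same three columns the FailureQuery writes, the same "x failures in the last y seconds" check the AuthSelect performs, and the trim job the post says you need. It assumes x=3 and y=600 and adds a GROUP BY so the HAVING clause also works on older SQLite versions.

```python
import sqlite3

# Constructed values standing in for the x and y placeholders in the post.
MAX_FAILURES = 3       # x: failures that trigger the lockout
WINDOW_SECONDS = 600   # y: length of the sliding window


def open_authlog():
    """Create an in-memory AUTHLOG table with the columns the FailureQuery fills."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE AUTHLOG (username TEXT, authtime INTEGER, failed INTEGER)"
    )
    return db


def log_failure(db, username, now):
    """Equivalent of the FailureQuery: %u -> username, %t -> epoch seconds."""
    db.execute(
        "INSERT INTO AUTHLOG(username, authtime, failed) VALUES (?, ?, 1)",
        (username, now),
    )


def is_locked_out(db, username, now):
    """Equivalent of the AuthSelect: a row comes back only when the user has
    MAX_FAILURES or more failures inside the last WINDOW_SECONDS."""
    row = db.execute(
        "SELECT SUM(failed) AS badlogins FROM AUTHLOG "
        "WHERE authtime >= ? AND username = ? "
        "GROUP BY username HAVING badlogins >= ?",
        (now - WINDOW_SECONDS, username, MAX_FAILURES),
    ).fetchone()
    return row is not None


def trim_authlog(db, now):
    """The periodic batch job: delete rows older than the window so the
    table stays small. Returns the number of rows removed."""
    cur = db.execute(
        "DELETE FROM AUTHLOG WHERE authtime < ?", (now - WINDOW_SECONDS,)
    )
    db.commit()
    return cur.rowcount
```

Because the check only counts rows inside the window, a user who stops trying is unlocked automatically once the old failures age out, and the trim job never changes the outcome of the check.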
-----Original Message-----
From: Roy Badami [mailto:roy.badami at globalgraphics.com]
Sent: Friday, February 25, 2005 1:18 PM
To: radiator at open.com.au
Subject: (RADIATOR) Disabling accounts after too many failed login attempts
What's the recommended way of disabling an account that's had too many
failed login attempts? Use a PostProcessingHook, or is there a better
way?
Thanks,
-roy
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.