Open wavexx opened 6 years ago
We should allow to counteract to an hostile user trying to brute force either the ticket/grant ID space (by trying many invalid IDs) as well as invalid ticket/grant passwords.
As an additional note, login/fetch attempts (succeeded or not) are now always logged. This actually plays rather nice with fail2ban.
fail2ban
We should allow to counteract to an hostile user trying to brute force either the ticket/grant ID space (by trying many invalid IDs) as well as invalid ticket/grant passwords.