wavexx
commented
6 years ago As an additional note, login/fetch attempts (succeeded or not) are now always logged. This actually plays rather nice with fail2ban.
Open wavexx opened 6 years ago
wavexx
commented
6 years ago As an additional note, login/fetch attempts (succeeded or not) are now always logged. This actually plays rather nice with fail2ban.
We should allow to counteract to an hostile user trying to brute force either the ticket/grant ID space (by trying many invalid IDs) as well as invalid ticket/grant passwords.