[Ltb-users] SSP password change - endless

Clément OUDOT clem.oudot at gmail.com
Thu Jan 12 10:27:02 CET 2012


2012/1/12 Shannon <sr123 at wanman.com>:
> I think I may be missing something, but in AD mode which means you
> have to define a manager to change the password - I think that means
> you can endlessly try to change someones password.
>
> So, from a hacking point, if I can get to the web page, I can try to
> change a users password without ever locking out permanently.
>
> Is there a setting I can invoke to only allow a limited number of
> attempts or can we force a lockout (without reset) on a user in
> manager mode?  Or better yet - do we see support for the user to make
> the change coming or is that a design issue in AD?

The design issue is from PHP LDAP (and a little from AD). I have no
solution yet.

Clément.


More information about the ltb-users mailing list