Hello,
Thanks to everyone who answered me earlier, I've managed to set up a password policy on the OpenLDAP provided in the CentOS 5.5 repositories (current version 2.3.43).
The setup: we have password policy enabled for user accounts in our intranet. After 5 unsuccessful attempts the account is blocked for a short duration (30 seconds).
Does that mean that anyone can now keep all the accounts blocked most of the time? Am I right that if anyone enters someone else's incorrect password 5 times (in the given case), they will block the target account (regardless of what IP address the attacker was connecting from)?
Narrower question: do the password policy module developers plan to take into account which IPs are used to connect (thus blocking only access from specific IPs)?
Thanks. All the best, Konstantin