bmcweb 30 second lockout

Neil Bradley Neil_Bradley at phoenix.com
Thu Sep 10 08:13:21 AEST 2020


I had recently read somewhere on the OpenBMC mailing list (forgive me, as I can't find it anywhere now) recently indicating that there'd be a 30 second lockout for a given user if there were 3 consecutive failed login attempts. My question is firstly, is this the case, and secondly, is it tied to the user globally regardless of connection or is it per user and connection? The reason I ask is that the former would still allow for a denial of service attack and want to make sure that's not actually the case.

Thanks!

-->Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200909/d2778108/attachment.htm>


More information about the openbmc mailing list