Some users would like the ability to lock user accounts after a configurable number of authentication failures, so that brute force password checking can be prevented.
MariaDB's current host blocking mechanism can help prevent problems like this if all authentication attempts come from the same host, but it does not help if the attacker is controlling many hosts. For example, this might be a problem if the attacker were controlling a botnet.
This task might require
MDEV-13095 to be implemented first.