[MDEV-13096] Implement option to lock user accounts after N authentication failures
Created: 2017-06-14  Updated: 2018-11-26  Resolved: 2018-11-07

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Fix Version/s: N/A

Type: Task
Priority: Critical
Reporter: Geoff Montee (Inactive)
Assignee: Vicențiu Ciorbaru
Resolution: Duplicate
Votes: 0
Labels: authentication, privileges, security

Issue Links:
Duplicate
is duplicated by MDEV-7598 Block user accounts after failed logi... Closed
Relates
relates to MDEV-15421 max allowed bad password attempts fro... Closed

Description

Some users would like the ability to lock user accounts after a configurable number of authentication failures, so that brute force password checking can be prevented.

MariaDB's current host blocking mechanism can help prevent problems like this if all authentication attempts come from the same host, but it does not help if the attacker is controlling many hosts. For example, this might be a problem if the attacker were controlling a botnet.

This task might require MDEV-13095 to be implemented first.

