#2324 [RFE] Implement rate limiting for non privileged clients
Closed: wontfix a year ago by pbrezina. Opened 7 years ago by simo.

When the authentication provider does not have its own rate limiting or does not lock accounts after failures we may open up guessing attack venues if we let password attempts to be performed unbounded.

A simple rate limiting implementation would simply store the last authentication attempt timestamp, and sleep and wait if it is "too soon".
If we wanted to allow "burst", but block prolonged guessing attacks, we'd just store some more values and block when N auths happen within M seconds.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 beta
summary: RFE: Implement rate limiting for non privileged clients => [RFE] Implement rate limiting for non privileged clients

Fields changed

rhbz: => todo

Fields changed

mark: => 1

Nice to have.

milestone: SSSD 1.13 beta => SSSD 1.13 backlog
priority: major => minor

Mass-moving tickets not planned for the next two releases.

Please reply with a comment if you disagree about the move..

milestone: SSSD 1.13 backlog => SSSD 1.15 beta

Metadata Update from @simo:
- Issue set to the milestone: SSSD Future releases (no date set yet)

4 years ago

Metadata Update from @thalman:
- Custom field design_review reset (from 0)
- Custom field mark adjusted to on (was: 1)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None
- Issue tagged with: Patch is welcome

a year ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

a year ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3366

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata