Re: [mosquitto-dev] Account lockout from too many failed passwords?

[Slow Bro <slowbro904@xxxxxxxxx>]

First, thank you Roger for this great software. I think I’ll just go with TLS client certificates instead. Less trouble than writing a plugin. Though it seems this is a vulnerability? One could use credential stuffing and hammer the server. 

On Sun, Feb 10, 2019 at 3:11 PM Roger Light <roger@xxxxxxxxxx> wrote:

Hello,

Not by default, but you could implement this in an authentication plugin.

Cheers,

Roger

On Sat, 9 Feb 2019 at 01:24, Slow Bro <slowbro904@xxxxxxxxx> wrote:
>
> Does mosquitto offer the capability of locking out an account if there are too many failed password attempts?
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/mosquitto-dev