Set Limit for Number of Bad Password Retries for Local Area Network Server Logon

IP.com Disclosure Number: IPCOM000117811D
Original Publication Date: 1996-Jun-01
Included in the Prior Art Database: 2005-Mar-31
Document File: 2 page(s) / 72K

Publishing Venue

IBM

Related People

Bsaibes, ME: AUTHOR

Abstract

Disclosed is a method for the administrator to set the maximum number of bad password retries on a Local Area Network (LAN) server and to track users' attempts. The system can be used to catch a malicious user or to disable any further attempts.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      The security system for LAN SERVER was exposed because a user
could attempt to log on to the system an unlimited number of times.
The administrator had no way to control how many times users could
try a valid userid with a password.  From a security point of view,
this is unacceptable: it exposes the network to dictionary attacks.
A malicious user could keep trying different passwords until one
succeeds.  The product lacked the ability to track bad password
attempts in order to either catch the culprit or disable the userid.

      This solution consists of two parts.  The first part deals with
the ability to set a limit on the number of attempts that a user may
try.  This limit is flexible, not rigid: it can be increased or
decreased according to the needs of the environment where LAN SERVER
is running.  In addition, the solution provides backward
compatibility with legacy models.  If a domain is running a version
that does not provide this solution, the domain still has the ability
to run without it.

      From the command line, users with the administrator privilege
can now set this maximum by using the new flag /MAXBADPW with the
'net accounts' command as follows: net accounts /MAXBADPW:XX, where
XX is a number.  If XX is 0, the maximum number of bad passwords is
not checked and LAN SERVER operates as before.  This limit is stored
in the user accounts database.  All users have permission to display
this limit.
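
A minimal model of the limit described above, as an added example that is not part of the original disclosure or of LAN SERVER: it parses the /MAXBADPW:XX flag, treats 0 as "not checked", and counts bad passwords per userid. The AccountsDb class, the reset of the counter on a successful logon, and disabling the userid once the limit is reached are assumptions; the abbreviated text does not specify them.

```python
import hashlib
import hmac
import re

SALT = b"constructed-salt"  # constructed sample value

def _hash(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 10_000)

def parse_maxbadpw(arg: str) -> int:
    """Parse the /MAXBADPW:XX flag; XX must be a non-negative number."""
    m = re.fullmatch(r"/MAXBADPW:(\d+)", arg.strip(), re.IGNORECASE)
    if m is None:
        raise ValueError(f"expected /MAXBADPW:XX with numeric XX, got {arg!r}")
    return int(m.group(1))

class AccountsDb:
    """Hypothetical stand-in for the user accounts database holding the limit."""
    def __init__(self, users: dict):
        self.max_bad_pw = 0                  # 0 = not checked, as on the page
        self._pw = {u: _hash(p) for u, p in users.items()}
        self.bad = {u: 0 for u in users}     # bad-password count per userid
        self.disabled = set()

    def net_accounts(self, flag: str) -> None:
        self.max_bad_pw = parse_maxbadpw(flag)

    def logon(self, userid: str, password: str) -> str:
        if userid not in self._pw:
            return "denied"
        if userid in self.disabled:
            return "disabled"                # checked first: no further guessing
        if hmac.compare_digest(self._pw[userid], _hash(password)):
            self.bad[userid] = 0             # assumption: success resets the count
            return "ok"
        self.bad[userid] += 1                # tracked even when the limit is 0
        if self.max_bad_pw and self.bad[userid] >= self.max_bad_pw:
            self.disabled.add(userid)        # assumption: limit reached disables userid
        return "denied"

def demo() -> list:
    db = AccountsDb({"alice": "correct horse"})  # constructed sample account
    db.net_accounts("/MAXBADPW:3")
    guesses = ["123456", "password", "letmein", "correct horse"]
    return [db.logon("alice", g) for g in guesses]

if __name__ == "__main__":
    print(demo())
```

Because the disabled check runs before the password comparison, the correct password arriving after the third bad attempt is still refused, which is what stops the dictionary attack from continuing.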

      Th...