Overview#

Intruder Lockout Check is a Policy Decision Point defined in Draft-behera-ldap-password-policy to determine when Intruder Detection is activated.

A status of true indicating that an intruder has been detected is returned if ALL the following conditions are met:

• The PwdLockout attribute is TRUE.
• The number of values in the PwdFailureTime attribute that are younger than PwdFailureCountInterval is greater or equal to the PwdMaxFailure attribute.

Otherwise a status of false is returned.

While performing this check, values of PwdFailureTime that are old by more than PwdFailureCountInterval are purged and not counted.

EDirectory Intruder Lockout Check#

We describe the Intruder Lockout Check for EDirectory under Locked By Intruder.

Microsoft Active Directory Intruder Lockout Check#

We describe the Intruder Lockout Check for Microsoft Active Directory under Active Directory Account Lockout

More Information#

There might be more information for this subject on one of the following:

• Draft-behera-ldap-password-policy
• Intruder Detection
• Locked By Intruder
• Password Spraying
• PwdFailureTime