I have been asked by many (now including our Director) why MIT K5
doesn't provide a policy for account lockout after x number of failed
login attempts.
Can someone point me to a FAQ or white paper on this? I have googled a
bit and so far I haven't found anything helpful.
I realize that account lockout can be used maliciously to lockout
friends ( a prank) or enemies (a nuisance DOS ). Is this the only
reason its not been implemented?