>
> In both A and B you could have a higher number of attempts than is
actually allowed before the replicated failed login attempts gets written
back to consumer where it will stop the user authenticating. There is a
marginal potential for higher number of potential requests if you don't
chain bind requests. However this would probably only be exposed if
someone is trying to programmatically break the system as normal retry
time on the console would take longer than the time it would take to
replicate failed login attempts back.
>
> If the delay time between the consumer and the chaining backend is quite
big then it makes authenticating against the chaining backend rather slow
and takes away scalability in my opionion. Although you would need a very
high number of bind requests before it becomes a problem. Latency is really
the big issue here.
>
Are you using global password policy?
>
Yes we are using the global password policy. The policy is enforced on the consumers to
which the client authenticates but not on the providers which is firewalled off from any
direct clients.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________