On Tue, Apr 19, 2005 at 22:54:32 +0200,
Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> wrote:
>
> not an easy problem: it always seems to end up in DoS vs Brute Force Cracking.
> So the only good and simple solution i can think of: use the best possible
> password encrytion (or sufficient, a statistically zero chance when trying as
> much connections -to brute force crack the password- as possible for a
> significant amount of time.)
Maybe you can use client side certificates. Those will be from a large
enough space that guessing shouldn't be a problem. You should be able to
make that work with PAM.