Microsoft KB Archive/240660

= Membership Authentication treats user name as case sensitive when account is locked out =

Article ID: 240660

Article Last Modified on 9/22/2005

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q240660



SYMPTOMS
When a user account is locked out after too may tries to guess a password, Membership Authentication will deny access for a set time. However, because the user name is case sensitive, that same user can try authentication again, using the same user name with different a case letter used on one or more letters in the user name. The user must still know the correct password to gain access, but the user will have more chances to guess the password than was originally intended.



RESOLUTION
To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

219292 How to obtain the latest Site Server 3.0 service pack



STATUS
This problem was first corrected in Site Server 3.0 Service Pack 3.



MORE INFORMATION
You can configure the account lockout variables, such as retry attempts and lockout time. From your \bin\p&m folder, run the following from a command line:

pmadmin.vbs set master /authaccountdenythreshold:3 /authaccountdenytimeout:2

Please refer to your Site Server online documentation for additional information on using the Pmadmin.vbs script utility.

Keywords: kbhotfixserver kbqfe kbbug kbfix kbqfe KB240660

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.