> I believe I mostly have Luke convinced, but we agreed that I should > bring the issue up for discussion here before he does the work of > simplifying the code. One argument I had in favour of maintaining a separate lockout time which I will submit here for completeness, is consistency with the LDAP password policy draft and the Active Directory security model. -- Luke