[cifs-protocol] Where is account lockout and password expiry described in the docs?
Andrew Bartlett
abartlet at samba.org
Wed Oct 16 22:39:39 MDT 2013
I've been looking for the formal documentation for account lockout and
expiry handling. There are no references that I can find in
The only reference in MS-ADTS is in 6.1.5.4 PDC Emulator FSMO Role,
which gives the clue that we need to forward all bad passwords to the
PDC. But that leaves a lot of questions, like what to do (what error to
give) if the PDC is offline.
The only reference in MS-SAMR is to actual enforcement is in .1.5.14.5
Account Lockout Enforcement and Reset, but this is for password change.
There is also MS-SAMR 3.1.5.13.7.1 SamValidateAuthentication but nothing
I could find indicates how this fits in to the broader picture.
MS-NRPC refers to this as passthough authentication, and MS-NLMP does
not describe expiry or lockout at all.
Where can I find a clear description of how to implement account lockout
(for bad passwords) and expiry?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
More information about the cifs-protocol
mailing list