tdb overkill ?

Jeremy Allison jra at samba.org
Tue Dec 4 10:50:19 GMT 2001


On Mon, Dec 03, 2001 at 09:14:19AM -0800, jfm at samba.org wrote:

> added a tdb to store the account policy informations.
> You can change them with either usermanager->policies->account
> or from a command prompt on NT/W2K: net accounts /domain

Ok, here's where I raise a question....

Do we really need to use a tdb for this ?

This is a separate tdb storing only 9 distinct
integer or time values, which a UNIX administrator would
probably like to modify by hand.

Why don't we make it a text file that looks like :

AP_MIN_PASSWORD_LEN:8
AP_PASSWORD_HISTORY: 3
AP_USER_MUST_LOGON_TO_CHG_PASS:yes
AP_MAX_PASSWORD_AGE: XX days
AP_MIN_PASSWORD_AGE: XX days
AP_LOCK_ACCOUNT_DURATION: xx mins
AP_RESET_COUNT_TIME: xx mins
AP_BAD_ATTEMPT_LOCKOUT: 3
AP_TIME_TO_LOGOUT: hh:mm

That the administrator can edit. We also allow
it to be changed via tools of course.

This is such a simple file we can easily use our
test file parsing functions to read/write atomicly.

Bit more work in the smbd code, but *much* friendlier
to admins....

Jeremy.




More information about the samba-technical mailing list