tdb overkill ?
Jeremy Allison
jra at samba.org
Tue Dec 4 10:50:19 GMT 2001
On Mon, Dec 03, 2001 at 09:14:19AM -0800, jfm at samba.org wrote:
> added a tdb to store the account policy informations.
> You can change them with either usermanager->policies->account
> or from a command prompt on NT/W2K: net accounts /domain
Ok, here's where I raise a question....
Do we really need to use a tdb for this ?
This is a separate tdb storing only 9 distinct
integer or time values, which a UNIX administrator would
probably like to modify by hand.
Why don't we make it a text file that looks like :
AP_MIN_PASSWORD_LEN:8
AP_PASSWORD_HISTORY: 3
AP_USER_MUST_LOGON_TO_CHG_PASS:yes
AP_MAX_PASSWORD_AGE: XX days
AP_MIN_PASSWORD_AGE: XX days
AP_LOCK_ACCOUNT_DURATION: xx mins
AP_RESET_COUNT_TIME: xx mins
AP_BAD_ATTEMPT_LOCKOUT: 3
AP_TIME_TO_LOGOUT: hh:mm
That the administrator can edit. We also allow
it to be changed via tools of course.
This is such a simple file we can easily use our
test file parsing functions to read/write atomicly.
Bit more work in the smbd code, but *much* friendlier
to admins....
Jeremy.
More information about the samba-technical
mailing list