Encrypted Passwords & Restricting Logon Attempts

Jim Morris Jim at Morris-World.com
Wed Nov 27 18:04:01 GMT 2002


On Wednesday, November 27, 2002, at 11:37  AM, jra at dp.samba.org wrote:

> What is your timeframe on this ? Do you need it to work on 2.2.x or
> later ? It certainly seems something we need to add for 3.0 at least.

Well, the entire issue came to light at a site for which I have acted 
as a network consultant in the past.  I set up a Red Hat Linux / Samba 
server for them over 4 years ago, and they have been happily using it 
ever since. It replaced an NT4 server that they had nothing but grief 
with.  I've been in once or twice over the years to help the local MIS 
guy at this company do things like OS upgrades to the box.

Now their corporate headquarters has identified this issue (unlimited 
login attempts allowed) as the primary violation on a recent security 
audit of the network in this branch office of the company.  I think 
they have only given the local MIS guy a few days to achieve compliance.

From a personal standpoint, 3.0 is soon enough.  For the company 
involved, I think they may end up switching to plaintext passwords as a 
temporary solution.  I've had a conversation with them today, and it 
sounds like the local guys are willing to do that for the 
short-term.....
  --
Jim Morris (Jim at Morris-World.com)



