Encrypted Passwords & Restricting Logon Attempts
Jim Morris
Jim at Morris-World.com
Wed Nov 27 18:04:01 GMT 2002
On Wednesday, November 27, 2002, at 11:37 AM, jra at dp.samba.org wrote:
> What is your timeframe on this ? Do you need it to work on 2.2.x or
> later ? It certainly seems something we need to add for 3.0 at least.
Well, the entire issue came to light at a site for which I have acted
as a network consultant in the past. I set up a Red Hat Linux / Samba
server for them over 4 years ago, and they have been happily using it
ever since. It replaced an NT4 server that they had nothing but grief
with. I've been in once or twice over the years to help the local MIS
guy at this company do things like OS upgrades to the box.
Now their corporate headquarters has identified this issue (unlimited
login attempts allowed) as the primary violation on a recent security
audit of the network in this branch office of the company. I think
they have only given the local MIS guy a few days to achieve compliance.
From a personal standpoint, 3.0 is soon enough. For the company
involved, I think they may end up switching to plaintext passwords as a
temporary solution. I've had a conversation with them today, and it
sounds like the local guys are willing to do that for the
short term...
--
Jim Morris (Jim at Morris-World.com)