Patch for Bad Password Attempt Lockout, samba3.0a22.
Andrew Bartlett
abartlet at samba.org
Thu Mar 27 21:47:36 GMT 2003
On Fri, 2003-03-28 at 06:58, David Collier-Brown -- Customer Engineering
wrote:
> Remember, this opens up a new vulnerability, to denial
> of service attacks. See, for example
> http://www.uksecurityonline.com/threat/password.php
>
> If you're implementing this, implement the approved strategy,
> also used by NT, of locking it for a settable period, and
> not locking out privileged accounts.
>
> From
> http://calnetad.berkeley.edu/documentation/technical/uc_domain_policy.html
>
> Account lockout duration
> Sets the number of minutes an account will be locked out.
> Allowable values are 0 (account is locked out until
> administrator unlocks it) or between 1 and 99999 minutes.
>
> WARNING: Setting this value to 0 (until administrator
> unlocks) may allow a potential denial of service attack.
> It is important to note that the built-in Administrator
> account cannot be locked out.
Once these issues are sorted, I'm inclined to apply this patch!
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
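
The lockout semantics quoted in this message (a settable duration, 0 meaning "until an administrator unlocks", and accounts that are never locked out), sketched in C as an added example. It is not code from the patch under discussion or from Samba; every struct and function name is hypothetical, and treating a threshold of 0 as "lockout disabled" is an assumption.

```c
#include <stdbool.h>
#include <time.h>

/* Hypothetical types: not Samba's code or the patch discussed in this thread. */
struct lockout_policy {
    unsigned threshold;        /* bad attempts before lockout; 0 = disabled (assumption) */
    unsigned duration_minutes; /* 0 = until an administrator unlocks, else 1..99999 */
};

struct account {
    const char *name;
    bool exempt;        /* never locked out, e.g. the built-in Administrator */
    unsigned bad_count; /* consecutive bad password attempts */
    time_t locked_at;   /* 0 = not locked */
};

/* True if the account is locked at `now`; clears a timed lockout that has expired. */
bool account_is_locked(struct account *a, const struct lockout_policy *p, time_t now)
{
    if (a->locked_at == 0)
        return false;
    if (p->duration_minutes != 0 &&
        difftime(now, a->locked_at) >= (double)p->duration_minutes * 60.0) {
        a->locked_at = 0;   /* lockout period elapsed: account recovers by itself */
        a->bad_count = 0;
        return false;
    }
    return true;            /* inside the window, or duration 0 (no automatic expiry) */
}

/* Record one failed logon; returns true if the account is locked afterwards. */
bool record_bad_password(struct account *a, const struct lockout_policy *p, time_t now)
{
    if (a->exempt || p->threshold == 0)
        return false;       /* exempt accounts cannot be used for a lockout DoS */
    if (account_is_locked(a, p, now))
        return true;
    if (++a->bad_count >= p->threshold)
        a->locked_at = now;
    return a->locked_at != 0;
}

/* Administrator action: the only way out when duration_minutes is 0. */
void admin_unlock(struct account *a)
{
    a->locked_at = 0;
    a->bad_count = 0;
}
```

With a non-zero duration, an account locked by someone else's bad guesses becomes usable again without operator action; with 0 it stays locked until `admin_unlock` is called, which is the denial-of-service exposure the quoted warning describes.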