Patch for Bad Password Attempt Lockout, samba3.0a22.
Andrew Bartlett
abartlet at samba.org
Fri Mar 28 13:05:32 GMT 2003
On Fri, 2003-03-28 at 23:55, Jianliang Lu wrote:
> Now the users of "admin users" will not be locked.
"admin users" not the appropriate choice here. Better would be the
members of the 'domain admins' group. The interesting bit is finding
this out at the right point in time...
> In attach is the new patch
> file.
> About lockout duration, I will implement next time. I think that we should
> extend another attribute to record the lockout time.
We also need to check that the account policy has been set, and that
it's not 0 (which I assume is the 'don't lock out' value).
Also, I'm worried about the writes this will cause on the backend. An
LDAP write can be quite expensive, and for the LDAP case this means that
the master ldap server will be hit for every logon attempt.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030329/0a582b8e/attachment.bin
More information about the samba-technical
mailing list