R: password policy on samba 3.0
j.lu at tiesse.com
Wed Oct 29 08:20:32 GMT 2003
About "password uniqueness" I have implemented on LDAP backend, see my patch
Da: Aurélien Degrémont [mailto:adegremont at idealx.com]
Inviato: Tuesday, October 28, 2003 11:42 AM
A: j.lu at tiesse.com
Oggetto: Re: password policy on samba 3.0
We're presently working on patches concerning "password policy".
There is "where we are" :)
In order to have these patches ready, some changes must be added to
And, to have these changes done, TDBSAM must be upgraded.
I have made a patch for TDBSAM which was proposed a week ago. I'm
wainting for Samba Team's comments.
More over, if we want "password uniqueness", a new field must be added,
in order to store the former passwords.
I started a discution concerning the fields that must be added (a week
ago too), and i'm also waiting for comments about it.
About "password lock", sam backends must have a new functionnality which
able them to do atomic modifications (incremental modifications). I have
not started to work on it yet.
See my previous patches on samba-technical archives.
>Now Redhat has released their Enterprise Linux 3.0 (TAROON) that include
>newer Samba 3.0, that doesn't have the password policy implemented. Who is
>using Enterprise Linux and Samba alpha2x with my password policy patch need
>to upgrade to TAROON and the Samba 3.0 with Password policy patch. I know
>that you are working on "password lock" on 3.0 rc4 and I'd like to know
>how's going your work. I would patch again the 3.0 with the password policy
>(more complete than password lockout, it should include also password age,
>password history, password must change time etc), but before starting the
>work I will know if someone has just made similar work.
>I think that if the password patch will not accepted by the Samba team, it
>will be difficult to users to upgrade their system every time a new release
>I'm also aware that Samba team put the patch in the official branch only if
>they think it is very very mature, but we cannot wait for years...
>TieSse s.p.a Ivrea (to) Italy
>j.lu at tiesse.com
>luj at libero.it
More information about the samba-technical