[PATCH] bad password lock

Andrew Bartlett abartlet at samba.org
Tue Sep 16 12:46:45 GMT 2003

On Tue, 2003-09-16 at 22:33, Aurélien Degrémont wrote:
> Hi,
> Here is the new version of the Richard Renard's patch, which enables the 
> bad password count and lockout duration functionnalities.
> I note that Jeremy Allison was already working on it, and that some 
> people were waiting for it :). I hope this patch will be useful.

Not just working on it - I think the 'account autolocked' part is
already in.

The main problem with this patch is the change to the DB format string -
you break every TDBsam installation out there.

The other problem is that it's racy - we don't atomicly update the
counter.  That's hard, given the current model, but newer LDAP servers
apparently have support for a 'increment this value' control.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030916/ea9e5add/attachment.bin

More information about the samba-technical mailing list