[PATCH] bad password lock
jra at samba.org
Tue Sep 16 17:21:17 GMT 2003
On Tue, Sep 16, 2003 at 10:46:41PM +1000, Andrew Bartlett wrote:
> On Tue, 2003-09-16 at 22:33, Aurélien Degrémont wrote:
> > Hi,
> > Here is the new version of the Richard Renard's patch, which enables the
> > bad password count and lockout duration functionnalities.
> > I note that Jeremy Allison was already working on it, and that some
> > people were waiting for it :). I hope this patch will be useful.
> Not just working on it - I think the 'account autolocked' part is
> already in.
> The main problem with this patch is the change to the DB format string -
> you break every TDBsam installation out there.
Well the good news about that is that I think one of the "unknown"
32 bit words we store is actually 2 16-bit fields, associated with
this need (decoded by ethereal). So I should be able to slide this
in without any changes needed to the binary in the sam.
> The other problem is that it's racy - we don't atomicly update the
> counter. That's hard, given the current model, but newer LDAP servers
> apparently have support for a 'increment this value' control.
I hope to try and fix this when I integrate.
More information about the samba-technical