More about the bad password lock patch
dbarth at idealx.com
Tue Sep 16 21:02:27 GMT 2003
I try to coordinate the contributions made by our team, here at IDEALX,
and I'm concerned about the best way to help and to also avoid doing
Richard, Aurélien and Romeo are implementing the various security checks
related to user accounts management and will also probably look at TSE
extended attributes in the next weeks (a really big account has this on
top of if "showstopper" list).
I'd like to make sure that what we're trying to do is not already in the
works by other people on this list (Jeremy, Andrew, others ?). Should we
go on with our patches or stop because you are more advanced than we
already are ? I would be disappointed to have wasted some of our
efforts, but it's better to change goals now than after.
To let you know what we are planning for the next weeks :
* immediate goal is to have all ext. attributes handled (bad pwd,
time reset, min/max pwd age, TSE)
* more distant goal (1-2 month) is to have a working implementation
of BDC/PDC sync with a real NT controler (if anyone is currently working
on this please tell Richard)
* mainly 3 people are working full time on fixing code or
implementing new controls
* we also have a team of engineers doing regression and load testing
with canned-vmwared test environnments
I think the work done so far with ext. attributes is close to our
overall goal of doing BDC/PDC sync.
We intend to change the patches sent so far to integrate your
recommandations (maintaining binary compat. for TDB bases, using a new
callback for the LDAP atomic incrementation, etc.). As a bonus, you can
let us do the dirty work of trying to guess the position of the
remaining 'unknown_x' bits ;-)
Also, about TDB binary compatibility : it seems that TSE attribs can't
fit inside the remaining bits (sam accounts footprints being different
between regular NT and TSE ?) : should we change TDB now of wait for a
future release ?
Let us know if your OK with letting us finish this work (and maintain it
in future releases).
More information about the samba-technical