[PATCH] bad password lock

Simo Sorce simo.sorce at xsec.it
Sun Sep 21 10:43:22 GMT 2003


On Sun, 2003-09-21 at 11:05, Andrew Bartlett wrote:
> On Sun, 2003-09-21 at 18:52, Simo Sorce wrote:
> > On Fri, 2003-09-19 at 19:10, Jeremy Allison wrote:
> > > On Fri, Sep 19, 2003 at 11:18:02AM +0200, Aurélien Degrémont wrote:
> > > 
> > > > IMHO, it is not a good idea to create a second table to store the 
> > > > records containing lockout time, if it is what you think...
> > > 
> > > Actually it is a very good idea to store the time records
> > > separately actually, as they are accessed read/write much
> > > more than any other entry.
> > 
> > This should be decided on a passdb backend case.
> > Ldap users for example want all to be consistent and stored in ldap,
> > and it makes no sense to have a separate facility to drive that.
> > Plus if we want to go on and be finally NT DC compatible we will have to
> > store these attributes in SAM and all the utilities we have (net,
> > pdbedit, smbpasswd) will be very pleased to have to deal with a single
> > facility.
> 
> I think we will need both options.  Backends (or even the sam system)
> should be able to 'switch' between locally-maintained and
> centrally-maintained attributes.   This is because each and every login
> will cause a write, and this can get quite expensive in a single-master
> system.

I'm not sure such a thing is good. Having a locally-maintained list
means we have systems that may be desynchronized, such that one accepts
authentication and another refuses it.

If you are concerned with performance, then I think we should
preferably add an option to disable the feature, for people that do
not need to use it.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
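
The trade-off argued in this thread, as an added illustration that is not from any poster or from Samba's code: a small Python model that replays one constructed login sequence against two servers, first with per-server bad-password counters and then with one shared store. The threshold, server names, users and all function names are assumptions made for the example.

```python
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 3  # assumed policy value, not taken from the thread


@dataclass
class CounterStore:
    """Bad-password counters: one server's local table, or the shared master."""
    bad_count: dict = field(default_factory=dict)
    writes: int = 0

    def locked(self, user):
        return self.bad_count.get(user, 0) >= LOCKOUT_THRESHOLD

    def record(self, user, ok):
        # As stated in the thread, every login is a write:
        # a failure increments the counter, a success resets it.
        self.bad_count[user] = 0 if ok else self.bad_count.get(user, 0) + 1
        self.writes += 1


def login(store, user, password_ok):
    if store.locked(user):
        return "refused (locked)"
    store.record(user, password_ok)
    return "accepted" if password_ok else "refused (bad password)"


# Constructed sequence: (server, user, password correct?)
ATTEMPTS = ([("dc2", "bob", True)] + [("dc1", "alice", False)] * 3
            + [("dc1", "alice", True), ("dc2", "alice", True)])


def simulate(central):
    """Replay ATTEMPTS; return (per-attempt results, writes per store)."""
    master = CounterStore()
    stores = {n: master if central else CounterStore() for n in ("dc1", "dc2")}
    results = [(srv, user, login(stores[srv], user, ok))
               for srv, user, ok in ATTEMPTS]
    writes = {"master": master.writes} if central else {
        n: s.writes for n, s in stores.items()}
    return results, writes


if __name__ == "__main__":
    for mode in (False, True):
        results, writes = simulate(central=mode)
        print("central" if mode else "local", writes)
        for row in results:
            print("  ", *row)
```

With local counters the last two attempts disagree (one server refuses the locked account, the other accepts it) and the master takes no writes; with the shared store both refuse, and every counted login lands on the master.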


