pdb interface

Vince Brimhall vbrimhall at novell.com
Thu Dec 9 21:06:05 GMT 2004


>>>> Jeremy Allison <jra at samba.org> 12/09/04 1:15 PM >>>
[snip]
>Can you explain what attributes in the SAM_ACCOUNT struct you need
>to set here ? We do call pdb_increment_bad_password_count() on logon
>failure and pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); on
>success already - this changes the bad_password_count attribute in
>the sampass->private struct which should be seen by the backends.
>
>We only do this when we are authoritative for the user (in the
auth_sam.c
>code) and not when this is a user from an AD domain.
>
>What extra do you need to do ?

I need to be able to inform NDS about both failed and successful login
attempts. This would allow internal NDS password policy counters to be
updated so that things like grace logins and disabled accounts could be
enforced by not supplying password information for a disabled account or
when the password policy does not allow.

Also, the pdb_set_bad_password_count while updating the attribute value
in the private date, does not actually pass control flow to the passdb
backend for possible additional processing.

>Jeremy.

Vince


More information about the samba-technical mailing list