pdb interface

Andrew Bartlett abartlet at samba.org
Mon Dec 20 23:02:50 GMT 2004


On Thu, 2004-12-09 at 14:06 -0700, Vince Brimhall wrote:
> >>>> Jeremy Allison <jra at samba.org> 12/09/04 1:15 PM >>>
> [snip]
> >Can you explain what attributes in the SAM_ACCOUNT struct you need
> >to set here ? We do call pdb_increment_bad_password_count() on logon
> >failure and pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); on
> >success already - this changes the bad_password_count attribute in
> >the sampass->private struct which should be seen by the backends.
> >
> >We only do this when we are authoritative for the user (in the auth_sam.c
> >code) and not when this is a user from an AD domain.
> >
> >What extra do you need to do ?
> 
> I need to be able to inform NDS about both failed and successful login
> attempts. This would allow internal NDS password policy counters to be
> updated so that things like grace logins and disabled accounts could be
> enforced by not supplying password information for a disabled account or
> when the password policy does not allow.
> 
> Also, the pdb_set_bad_password_count while updating the attribute value
> in the private data, does not actually pass control flow to the passdb
> backend for possible additional processing.

I agree, this is the correct approach.  By calling directly to the
passdb backend at this point, we can (potentially) update the counters
in tdbsam, while skipping the update for ldapsam (because of the
replication cost), and NDS can remain in the loop.

Andrew Bartlett

-- 
Andrew Bartlett <abartlet at samba.org>
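
The design discussed in this thread, as an added C sketch that is not Samba code and not from either poster: the auth layer hands every logon result to a per-backend hook, so one backend persists the counter, one skips the write, and one forwards the event to a directory that enforces its own policy. All struct, function and backend names are hypothetical stand-ins, not the passdb API.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical, simplified account record; not Samba's SAM_ACCOUNT. */
struct account {
    unsigned bad_password_count; /* in-memory attribute set by the auth layer */
    unsigned stored_bad_count;   /* value the backend has persisted */
    unsigned directory_events;   /* attempts reported to an external directory */
};

/* Hypothetical backend method table with a per-attempt hook. */
struct backend {
    const char *name;
    void (*login_attempt)(struct account *acct, bool success); /* NULL = ignore */
};

/* Local database: writes are cheap, so persist the counter on every attempt. */
static void local_db_attempt(struct account *acct, bool success)
{
    (void)success;
    acct->stored_bad_count = acct->bad_password_count;
}

/* Directory with its own password policy: report the event, success or failure. */
static void directory_attempt(struct account *acct, bool success)
{
    (void)success;
    acct->directory_events++;
}

const struct backend local_db   = { "local_db", local_db_attempt };
const struct backend replicated = { "replicated", NULL }; /* skips: replication cost */
const struct backend directory  = { "directory", directory_attempt };

/* Auth layer: update the in-memory counter, then pass control to the backend. */
void record_login_attempt(const struct backend *be, struct account *acct, bool success)
{
    acct->bad_password_count = success ? 0 : acct->bad_password_count + 1;
    if (be->login_attempt != NULL)
        be->login_attempt(acct, success);
}

int main(void)
{
    struct account a = {0, 0, 0};
    record_login_attempt(&directory, &a, false);
    record_login_attempt(&directory, &a, true);
    return a.directory_events == 2 ? 0 : 1;
}
```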