Passowrd policy patch on Samba-3.0.2 for LDAP backend

Jim McDonough jmcd at
Fri Feb 20 03:17:29 GMT 2004

>I don't like the microsoft approach.  An attacker can create a *lot* of
>inter-site traffic that way.

>I like the idea that all our communication between DC's is via our
>shared backend, and I don't think this is the issue to force it.  I'm
>not worried that the PDC can be 'behind' on bad password attempts - I
>think that a per-DC counter is fine, with global lockout.

Well, our way gives more chances to guess a password...basically,
(lockout-1)*# of DCs.

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list