Passowrd policy patch on Samba-3.0.2 for LDAP backend
Jim McDonough
jmcd at us.ibm.com
Fri Feb 20 03:17:29 GMT 2004
>I don't like the microsoft approach. An attacker can create a *lot* of
>inter-site traffic that way.
>I like the idea that all our communication between DC's is via our
>shared backend, and I don't think this is the issue to force it. I'm
>not worried that the PDC can be 'behind' on bad password attempts - I
>think that a per-DC counter is fine, with global lockout.
Well, our way gives more chances to guess a password...basically,
(lockout-1)*# of DCs.
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
jmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984
More information about the samba-technical
mailing list