Passowrd policy patch on Samba-3.0.2 for LDAP backend
Jim McDonough
jmcd at us.ibm.com
Fri Feb 20 03:22:54 GMT 2004
>I don't like the microsoft approach. An attacker can create a *lot* of
>inter-site traffic that way.
>
>I like the idea that all our communication between DC's is via our
>shared backend, and I don't think this is the issue to force it. I'm
>not worried that the PDC can be 'behind' on bad password attempts - I
>think that a per-DC counter is fine, with global lockout.
Ok, so how do you propose we handle password changes? Do we tell a user to
change their password, but don't try to logon again until they think the
backend has replicated? Or do we also now cache the password?
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
jmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984
More information about the samba-technical
mailing list