Passowrd policy patch on Samba-3.0.2 for LDAP backend

Jim McDonough jmcd at us.ibm.com
Fri Feb 20 03:22:54 GMT 2004





>I don't like the microsoft approach.  An attacker can create a *lot* of
>inter-site traffic that way.
>
>I like the idea that all our communication between DC's is via our
>shared backend, and I don't think this is the issue to force it.  I'm
>not worried that the PDC can be 'behind' on bad password attempts - I
>think that a per-DC counter is fine, with global lockout.
Ok, so how do you propose we handle password changes?  Do we tell a user to
change their password, but don't try to logon again until they think the
backend has replicated?  Or do we also now cache the password?



----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

jmcd at us.ibm.com
jmcd at samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984


More information about the samba-technical mailing list