Passowrd policy patch on Samba-3.0.2 for LDAP backend

Jim McDonough jmcd at
Fri Feb 20 03:22:54 GMT 2004

>I don't like the microsoft approach.  An attacker can create a *lot* of
>inter-site traffic that way.
>I like the idea that all our communication between DC's is via our
>shared backend, and I don't think this is the issue to force it.  I'm
>not worried that the PDC can be 'behind' on bad password attempts - I
>think that a per-DC counter is fine, with global lockout.
Ok, so how do you propose we handle password changes?  Do we tell a user to
change their password, but don't try to logon again until they think the
backend has replicated?  Or do we also now cache the password?

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list