Passowrd policy patch on Samba-3.0.2 for LDAP backend
abartlet at samba.org
Fri Feb 20 05:28:10 GMT 2004
On Fri, 2004-02-20 at 15:38, Jim McDonough wrote:
> >> Next, I'm declaring that I don't like magic uint32 values of
> 0xFFFFFFFF to
> >> mean turn off duration, lockout count, and reset count time,
> because even 0
> >> would be a silly value to be a valid policy...in other words,
> having a
> >> lockout count of 0 would lock everyone out, a reset count of 0
> would reset
> >> everyone's badpw counter every time, and duration of 0 would reset
> >> everyones lockout flag immediately. So 0 means these policies are
> >> off.
> >These values are defined by Microsoft, not us. You should be able to
> >set them from User Mangler, or get them via vampire, for example.
> Upon examining further, these are not the values defined by microsoft.
Sorry - I meant to clarify that in my mail. These values should be as
defined by microsoft, the contents of the patch may vary ;-)
> Account lockout disabled is a short, and 0 means no account lockout,
> not -1. And -1 for time (as a time_t, _not_ 0xFFFFFFFF...this will
> bite us on 64-bit platforms) does happen to be what we define by
> convention to be infinite time. It's not a microsoft definition.
> The other reason I'd done this is that this patch has a bug...in MS
> land, for example, you can _never_ have a 0 duration for any of these,
> and if you don't define the policy, that's what we initialize it to.
> I'll switch the values back, but we also need to handle the case where
> the time is set to 0, which is invalid.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040220/5ad2ae44/attachment.bin
More information about the samba-technical