Passowrd policy patch on Samba-3.0.2 for LDAP backend
Andrew Bartlett
abartlet at samba.org
Fri Feb 20 05:28:10 GMT 2004
On Fri, 2004-02-20 at 15:38, Jim McDonough wrote:
> >> Next, I'm declaring that I don't like magic uint32 values of
> 0xFFFFFFFF to
> >> mean turn off duration, lockout count, and reset count time,
> because even 0
> >> would be a silly value to be a valid policy...in other words,
> having a
> >> lockout count of 0 would lock everyone out, a reset count of 0
> would reset
> >> everyone's badpw counter every time, and duration of 0 would reset
> >> everyones lockout flag immediately. So 0 means these policies are
> turned
> >> off.
> >These values are defined by Microsoft, not us. You should be able to
> >set them from User Mangler, or get them via vampire, for example.
> Upon examining further, these are not the values defined by microsoft.
Sorry - I meant to clarify that in my mail. These values should be as
defined by microsoft, the contents of the patch may vary ;-)
> Account lockout disabled is a short, and 0 means no account lockout,
> not -1. And -1 for time (as a time_t, _not_ 0xFFFFFFFF...this will
> bite us on 64-bit platforms) does happen to be what we define by
> convention to be infinite time. It's not a microsoft definition.
>
> The other reason I'd done this is that this patch has a bug...in MS
> land, for example, you can _never_ have a 0 duration for any of these,
> and if you don't define the policy, that's what we initialize it to.
>
> I'll switch the values back, but we also need to handle the case where
> the time is set to 0, which is invalid.
Thanks,
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040220/5ad2ae44/attachment.bin
More information about the samba-technical
mailing list