Passowrd policy patch on Samba-3.0.2 for LDAP backend
Andrew Bartlett
abartlet at samba.org
Fri Feb 20 05:31:03 GMT 2004
On Fri, 2004-02-20 at 14:17, Jim McDonough wrote:
>
>
> >I don't like the microsoft approach. An attacker can create a *lot* of
> >inter-site traffic that way.
>
> >I like the idea that all our communication between DC's is via our
> >shared backend, and I don't think this is the issue to force it. I'm
> >not worried that the PDC can be 'behind' on bad password attempts - I
> >think that a per-DC counter is fine, with global lockout.
>
> Well, our way gives more chances to guess a password...basically,
> (lockout-1)*# of DCs.
I actually don't have a problem with that.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040220/c357ca21/attachment.bin
More information about the samba-technical
mailing list