Passowrd policy patch on Samba-3.0.2 for LDAP backend

Andrew Bartlett abartlet at
Fri Feb 20 05:31:03 GMT 2004

On Fri, 2004-02-20 at 14:17, Jim McDonough wrote:
> >I don't like the microsoft approach.  An attacker can create a *lot* of
> >inter-site traffic that way.
> >I like the idea that all our communication between DC's is via our
> >shared backend, and I don't think this is the issue to force it.  I'm
> >not worried that the PDC can be 'behind' on bad password attempts - I
> >think that a per-DC counter is fine, with global lockout.
> Well, our way gives more chances to guess a password...basically,
> (lockout-1)*# of DCs.

I actually don't have a problem with that.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list