Passowrd policy patch on Samba-3.0.2 for LDAP backend
Jianliang Lu
j.lu at tiesse.com
Fri Feb 20 11:06:22 GMT 2004
On Thu Feb 19 21:13:07 GMT 2004, Jim McDonough wrote:
> First of all, thanks for all the work!
>
> I'm incorporating large pieces of this into password lockout support, but
> with a few modifications. First, I'm doing it a bit at a time, so I'm
> starting with just lockout.
>
> Next, I'm declaring that I don't like magic uint32 values of 0xFFFFFFFF to
> mean turn off duration, lockout count, and reset count time, because even 0
> would be a silly value to be a valid policy...in other words, having a
> lockout count of 0 would lock everyone out, a reset count of 0 would reset
> everyone's badpw counter every time, and duration of 0 would reset
> everyones lockout flag immediately. So 0 means these policies are turned
> off.
>
You could not set the reset count and duration to 0 with User Manager for
Domain, the minimum value that could be set is 1 minute. Also, the pdbedit
could be changed as well to prevent the 0 setting for these policies, and
the "not policy" value could be -1, means forever, or some default value.
Jianliang
Jianliang Lu
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
http://www.tiesse.com
More information about the samba-technical
mailing list