implementing password lockout

Simo Sorce simo.sorce at xsec.it
Mon Jan 26 10:31:42 GMT 2004


On Sun, 2004-01-25 at 22:24, Jim McDonough wrote:
> So my current thought is to create a new tdb to store the password count
> and a timestamp for each user, as they encounter bad passwords.  This would
> be used for all password backends.  At a successful logon attempt, any
> record for a user is deleted.  I think this will get us closest to what NT
> is doing.  My biggest concern is that it would mean a second lookup for any
> user when the badpasswordcount field is involved.
> 
> Thoughts?

We already have the account policy tdb in place, just reuse that.

Anyway, there is no reason that we should be limited in the same way NT
is. If compatibility does not constrain us we should let users be able
to have it saved and replicated above DCs if they want.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Garofalo, 39 - 20133 - Milano
mobile: +39 329 328 7702
tel. +39 02 2953 4143 - fax: +39 02 700 442 399
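
The record scheme proposed in the quoted message (a per-user bad-password count and timestamp, deleted on a successful logon), sketched as an added example that is not part of the original mail or of Samba's code. An in-memory array stands in for the tdb; the lockout threshold, the reset window and all function names are assumptions.

```c
#include <string.h>
#include <time.h>
#define MAX_USERS 64
#define LOCKOUT_THRESHOLD 3     /* assumed policy: bad attempts before lockout */
#define RESET_WINDOW_SECS 1800  /* assumed policy: record goes stale after this */

/* One record per user with recent bad passwords; the array stands in for the tdb. */
struct bad_pw_rec { int used; char user[32]; unsigned count; time_t last_bad; };
static struct bad_pw_rec table[MAX_USERS];

static struct bad_pw_rec *find_rec(const char *user, int create)
{
    struct bad_pw_rec *slot = NULL;
    if (strlen(user) >= sizeof(slot->user)) return NULL; /* never truncate keys */
    for (int i = 0; i < MAX_USERS; i++) {
        if (table[i].used && strcmp(table[i].user, user) == 0) return &table[i];
        if (!table[i].used && !slot) slot = &table[i];
    }
    if (!create || !slot) return NULL; /* full table: the failure goes uncounted */
    memset(slot, 0, sizeof(*slot));
    strcpy(slot->user, user);
    slot->used = 1;
    return slot;
}

unsigned bad_count(const char *user)
{
    struct bad_pw_rec *r = find_rec(user, 0);
    return r ? r->count : 0;
}

int is_locked(const char *user, time_t now)
{
    struct bad_pw_rec *r = find_rec(user, 0);
    if (!r) return 0;
    if (now - r->last_bad >= RESET_WINDOW_SECS) { r->used = 0; return 0; } /* stale */
    return r->count >= LOCKOUT_THRESHOLD;
}

/* Returns 1 if the logon is accepted, 0 if rejected. */
int logon_attempt(const char *user, int password_ok, time_t now)
{
    struct bad_pw_rec *r;
    if (is_locked(user, now)) return 0;  /* locked out, even if the password is right */
    r = find_rec(user, password_ok ? 0 : 1);
    if (password_ok) { if (r) r->used = 0; return 1; } /* success deletes the record */
    if (r) { r->count++; r->last_bad = now; }
    return 0;
}
```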

