implementing password lockout

Simo Sorce simo.sorce at
Mon Jan 26 14:42:05 GMT 2004

On Mon, 2004-01-26 at 15:22, Jim McDonough wrote:
> Simo, thanks for clarifying that...but I still have a few issues to clear
> up, since we don't (yet) have real windows replication:
> When the bad password count isn't replicated, if we're using LDAP
> replication, we're going to replicate it, so we'll have to store a time for
> the last bad password, no?  We can't choose to selectively replicate
> attributes sometimes, but not others.  This is what Jianliang has in his
> patch, and it makes sense to me.
> I still think we need a local version, though, because if we don't, then if
> the PDC is down what happens when a user enters a bad password?  A correct
> password should be OK, but a bad password attempt...?

I fully agree, as I said, we need a special case for ldap since it does
replicate beyond our control, the ldap passdb could be told to not store
the bad password count on ldap but keep it somewhere e save it down only
when it reaches the max count.


Simo Sorce - simo.sorce at
Xsec s.r.l. -
via Garofalo, 39 - 20133 - Milano
mobile: +39 329 328 7702
tel. +39 02 2953 4143 - fax: +39 02 700 442 399

More information about the samba-technical mailing list