implementing password lockout

Joe Julian jjulian+samba at
Mon Jan 26 16:04:03 GMT 2004

I don't think you need to worry about _not_ updating the 
LDAP database. Look at this scenario: 
  Joe Hacker wants into Jill Waterman's account. In a 
  pure MS environment with a 3 bad password limit, JH 
  tries 2 passwords then for unrelated reasons the PDC 
  goes down. JH has 3 more attempts to break into JW's 
  account from the BDC. 
  In a pure samba environment with LDAP being updated
  with bad password data, no matter what the situation,
  JH is only going to get 3 tries no matter what.

It seems to me that keeping an accurate record in LDAP
(or sql too) fixes a broken MS implementation.
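
The scenario in the message above, as a small simulation (an added example, not part of the original message and not Samba code). The `Controller` class, `guesses_before_lockout` function, account name and passwords are hypothetical and constructed; the threshold of 3 and the PDC failing after 2 attempts come from the message.

```python
THRESHOLD = 3  # bad-password limit used in the message


class Controller:
    """A domain controller that records bad passwords in `store`."""

    def __init__(self, name, store):
        self.name = name
        self.store = store  # dict: account -> bad password count
        self.up = True

    def try_password(self, account, guess, real):
        """Return 'locked', 'ok' or 'bad', updating the counter."""
        if self.store.get(account, 0) >= THRESHOLD:
            return "locked"
        if guess == real:
            self.store[account] = 0
            return "ok"
        self.store[account] = self.store.get(account, 0) + 1
        return "bad"


def guesses_before_lockout(shared, fail_after=2):
    """Count the wrong guesses that get evaluated before the account locks.

    shared=True:  PDC and BDC write to one store (an LDAP-backed counter).
    shared=False: each controller keeps its own count, as in the scenario.
    The PDC goes down once `fail_after` attempts have been made.
    """
    ldap = {}
    pdc = Controller("PDC", ldap if shared else {})
    bdc = Controller("BDC", ldap if shared else {})
    evaluated = 0
    for attempt in range(1, 20):
        if attempt > fail_after:
            pdc.up = False
        dc = pdc if pdc.up else bdc  # clients fail over to the BDC
        result = dc.try_password("jw", f"guess{attempt}", "constructed-secret")
        if result == "locked":
            break
        evaluated += 1
    return evaluated


if __name__ == "__main__":
    print("separate counters:", guesses_before_lockout(shared=False))
    print("shared counter:   ", guesses_before_lockout(shared=True))
```

With separate counters the failover resets the count the attacker faces; with one shared store the limit holds regardless of which controller answers.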

