implementing password lockout
jjulian+samba at julianfamily.org
Mon Jan 26 16:04:03 GMT 2004
I don't think you need to worry about _not_ updating the
ldap database. Look at this scenerio:
Joe Hacker wants into Jill Waterman's account. In a
pure MS environment with a 3 bad password limit, JH
tries 2 passwords then for unrelated reasons the PDC
goes down. JH has 3 more attempts to break into JW's
account from the BDC.
In a pure samba environment with LDAP being updated
with bad password data, no matter what the situation,
JH is only going to get 3 tries no matter what.
It seems to me that keeping an accurate record in LDAP
(or sql too) fixes a broken MS implementation.
More information about the samba-technical