implementing password lockout
abartlet at samba.org
Fri Jan 30 20:58:33 GMT 2004
On Sat, 2004-01-31 at 07:48, Jianliang Lu wrote:
> > Overall, I have to say "nice patch". A few comments, though. When the
> > lockout duration and/or reset time policies are set to 0, they function as
> > zero-duration, rather than turning off. We need to be able to have these
> > both be infinite, so I think zero should be infinite (because zero-length
> > lockout and rest time are both meaningless).
> > Thanks again,
> > Jim
> Thanks for your attention on my patch, but which patch are you talking?
> Because in my patch sent on 01/20/2004 I have patched also the pdbedit to
> reflect the "duration time" and the "reset count time" every time you
> use pdbedit -v -u user to show user's account. Also I have checked the
> "never time" when its value is 0xFFFFFFFF (I think that NT do this), using
> pdbedit "-C -1" in account policy value for "duration" and "reset count
> time". I have also patched "api rpc SAMR QueryUserInfo" to reflect the
> "duration time" and "reset count time".
> I agree with you for that the account policy should be in passdb backend,
> but I think also that the account policy is not changed frequently,
> in general it is set at the begining of the work. So I think that we can
> always copy the account policy to BDCs when it is set at the begining of the
> work on PDC.
That is a short-term hack. This information belongs in the passdb, and
we need patches to implement this. It should not be that hard - for
ldap, I think such policies should probably be children of the
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040131/e671523e/attachment.bin
More information about the samba-technical