implementing password lockout
Andrew Bartlett
abartlet at samba.org
Fri Jan 30 20:58:33 GMT 2004
On Sat, 2004-01-31 at 07:48, Jianliang Lu wrote:
> > Overall, I have to say "nice patch". A few comments, though. When the
> > lockout duration and/or reset time policies are set to 0, they function as
> > zero-duration, rather than turning off. We need to be able to have these
> > both be infinite, so I think zero should be infinite (because zero-length
> > lockout and rest time are both meaningless).
> >
> >
> > Thanks again,
> > Jim
> >
>
> Thanks for your attention on my patch, but which patch are you talking?
> Because in my patch sent on 01/20/2004 I have patched also the pdbedit to
> reflect the "duration time" and the "reset count time" every time you
> use pdbedit -v -u user to show user's account. Also I have checked the
> "never time" when its value is 0xFFFFFFFF (I think that NT do this), using
> pdbedit "-C -1" in account policy value for "duration" and "reset count
> time". I have also patched "api rpc SAMR QueryUserInfo" to reflect the
> "duration time" and "reset count time".
>
> I agree with you for that the account policy should be in passdb backend,
> but I think also that the account policy is not changed frequently,
> in general it is set at the begining of the work. So I think that we can
> always copy the account policy to BDCs when it is set at the begining of the
> work on PDC.
That is a short-term hack. This information belongs in the passdb, and
we need patches to implement this. It should not be that hard - for
ldap, I think such policies should probably be children of the
sambaDomain object.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040131/e671523e/attachment.bin
More information about the samba-technical
mailing list