implementing password lockout

Andrew Bartlett abartlet at
Fri Jan 30 20:58:33 GMT 2004

On Sat, 2004-01-31 at 07:48, Jianliang Lu wrote:
> > Overall, I have to say "nice patch".  A few comments, though.  When the
> > lockout duration and/or reset time policies are set to 0, they function as
> > zero-duration, rather than turning off.  We need to be able to have these
> > both be infinite, so I think zero should be infinite (because zero-length
> > lockout and rest time are both meaningless).
> > 
> > 
> > Thanks again,
> > Jim
> > 
> Thanks for your attention on my patch, but which patch are you talking?
> Because in my patch sent on 01/20/2004 I have patched also the pdbedit to 
> reflect the "duration time" and the "reset count time" every time you 
> use pdbedit -v -u user to show user's account. Also I have checked the 
> "never time" when its value is 0xFFFFFFFF (I think that NT do this), using 
> pdbedit "-C -1" in account policy value for "duration" and "reset count 
> time". I have also patched  "api rpc SAMR QueryUserInfo" to reflect the 
> "duration time" and "reset count time".
> I agree with you for that the account policy should be in passdb backend,
> but I think  also that the account policy is not changed frequently, 
> in general it is set at the begining of the work. So I think that we can 
> always copy the account policy to BDCs when it is set at the begining of the 
> work on PDC.

That is a short-term hack.  This information belongs in the passdb, and
we need patches to implement this.  It should not be that hard - for
ldap, I think such policies should probably be children of the
sambaDomain object.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list