kerberos auth account restrictions

James Peach jpeach at samba.org
Wed Jun 13 18:04:03 GMT 2007


hi all,

In check_sam_security(), we check whether the account is locked out  
like this:

/* see if autolock flag needs to be updated */
if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
	pdb_update_autolock_flag(sampass, &updated_autolock);
/* Quit if the account was locked out. */
if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
	DEBUG(3,("check_sam_security: Account for user %s was locked out.\n",  
			pdb_get_username(sampass)));
	return NT_STATUS_ACCOUNT_LOCKED_OUT;
}

Is there a good reason that we don't do this for Kerberos auth in  
reply_spnego_kerberos()?

--
James Peach | jpeach at samba.org



More information about the samba-technical mailing list