[PATCH] Patch to implement AD password lockout in Samba's AD DC
Andrew Bartlett
abartlet at samba.org
Mon Feb 10 16:55:51 MST 2014
On Tue, 2014-02-11 at 09:50 +1300, Andrew Bartlett wrote:
> G'Day,
>
> Attached is a patch set I've been working on for a while, which
> implements domain password lockout support in our AD DC code.
>
> As many of you know, there is no support for domain password lockout
> support in our AD DC - we just never got to implementing that bit. As
> the attached patch shows, it's a bit trickier than just simple a counter
> - because lockouts and bad password attempts have a timeout, but finally
> this is now handled.
>
> It does patch our in-tree Heimdal, so we are going to have to coordinate
> with upstream Heimdal and Debian when this gets in, so ensure we don't
> break things there. It also adds new options to the samba-tool domain
> passwordsettings tool.
>
> I'm sorry for not posting it previously, all I can say is that I've been a
> bit swamped, and it slipped off my list. I know it needs more tests,
> and to pass the tests we already have, but at this point I would prefer
> it out, and folks able to use it (manually patching it onto master),
> than to keep it to myself forever.
>
> I wish to thank Univention and my employer Catalyst IT for their support of
> this important work.
>
> Thoughts and feedback most welcome. My hope is to somehow get the tests
> written and this in time for 4.2, and some positive feedback would
> really help with that.
>
> Andrew Bartlett
While I wait for the above to get past moderation, here is the git url:
git://git.samba.org/abartlet/samba.git s4-badPwdCount-01
http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s4-bwdPwdCount-01
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list