[PATCH] Patch to implement AD password lockout in Samba's AD DC
Andrew Bartlett
abartlet at samba.org
Wed Feb 19 14:16:14 MST 2014
On Wed, 2014-02-19 at 22:08 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
>
> >> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s4-bwdPwdCount-01
> >
> > I've updated the branch at
> >
> > git://git.samba.org/abartlet/samba.git s4-badPwdCount-02
> >
> > http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s4-bwdPwdCount-02
> >
> > I have also uploaded these to gerrit at
> > https://gerrit.sernet.de/#/q/status:open+project:samba+branch:master
> > +topic:abartlet/s4-badPwdCount-02,n,z
> >
> > With the tests now finished, these changes are now ready for master.
> >
> > I will separately co-ordinate with the Heimdal team and work out how we
> > can detect the correct Heimdal version, and look at updating our
> > internal Heimdal. (The reality is that only Debian builds against a
> > system Heimdal, and we already have another special patch to cope with
> > using a modern heimdal).
> >
> > Please review/push.
>
> I'll have a look at them in detail tomorrow, but my first impression is that
> you should use more helper variables, avoid deep indentation levels (try
> to use early returns and avoid } else { if the if section calls return)
> and avoid functions calls in the variable declaration section.
I would appreciate that in detail, as it is a large patch set and so
hard to guess exactly what chunks you feel can be improved.
The password_hash change was particularly challenging to do in good
style, and practical suggestions for how to improve it would be most
welcome.
> Were is the password grace period documented in the microsoft docs?
http://support.microsoft.com/kb/906305
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list