[Samba] Password Expiration when using LDAP
Andrew Bartlett
abartlet at samba.org
Sat Aug 3 15:13:02 GMT 2002
"Hesham S. Ahmed" wrote:
>
> Hi,
>
> We are planning to move all of our win2k server
> (currenty around 50!) alongwith AD to Linux, we are
> planning to use LDAP based samba domain controllers
> for authentication and file/print serving. We are
> doing a pilot and things are fine till now, just one
> simple problem, what should we do with our password
> policy, we have three restrictions relating passwords
>
> minimum password length
> password expiration
> password history (so users cant reuse old password for
> some time)
>
> AFAIK samba 2.2.5 PDC doesn't support any of these. I
> was thinking if there is any way to implement these
> restrictions at LDAP level, I mean adding a few
> attributes stroring password change dates and checking
> for expiration interval by using maybe a cron job that
> checks the no. of days elapsed.... or should I rather
> wait?
>
> Does HEAD supports these features, my company wouldn't
> mind using HEAD in production!!! as most of our
> business is dependent on Lotus Domino which is in no
> way dependent on NT PDC functionality.
HEAD supports password ageing but not password history. I think the
'min password length' has always been supported, but can be quickly
added if required. I would like to add cracklib, and sombody was doing
a patch to clean that stuff up - but I'm not sure what happened to it...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list