[Samba] [samba] Password complexity checks

Kai Blin kai at samba.org
Fri Jul 31 05:51:38 MDT 2009


On Friday 31 July 2009 10:22:32 Radek wrote:

Hi Radek,

>
> I want to use crackcheck to check password complexity, but users (when
> password change failed because of complexity check fail) gets only
> information about valid password length, password history. I think that may
> be a problem for users.

As far as I am aware that's what Windows returns if the password does not meet 
the complexity requirements newer versions can enforce. So I'm afraid you're 
out of luck there.

> How can I (or Can I?) give them information about expected complexity. I'm
> almost sure that with NT PDC they would get information about expected
> complexity.  Crackcheck exits with error -4, and writes information to
> stderr, maybe can I use that and send it somehow to the client or force
> Windows XP to display standard message about password complexity like with
> NT PDC?

I don't think NT4 PDCs can do that, I recently tried a Win2008 server AD 
domain, and even that only returns one error message for all "pasword not 
good enough" errors.

Of course I'm happy to be corrected by people with more experience.
Cheers,
Kai

-- 
Kai Blin
WorldForge developer  http://www.worldforge.org/
Wine developer        http://wiki.winehq.org/KaiBlin
Samba team member     http://www.samba.org/samba/team/
--
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20090731/f9844c30/attachment.pgp>


More information about the samba mailing list