[Samba] winbind and locking accounts?
Joachim Lindenberg
samba at lindenberg.one
Tue Jul 30 18:03:42 UTC 2019
If you require sufficient entropy for passwords, then locking users on failed attempts is actually a bad idea, because it is trivial to lock user´s accounts (a denial of service), whereas it is almost impossible to actually guess the right one. Locking accounts is only a good idea if the secrets are small, like the pin of a credit card.
Regards, Joachim
-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Jeff Sadowski via samba
Gesendet: Tuesday, 30 July 2019 16:12
An: samba <samba at lists.samba.org>
Betreff: [Samba] winbind and locking accounts?
One of my colleagues at work brought to my attention that they could continuously attempt different passwords on a linux machine connected via AD via winbind. I did a test or too and it appears not to lock the account after numerous attempts. Is there a way to get the behavior like windows where too many invalid passwords puts a temporary lock on the account?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list