[PATCH] bad password lock
Andrew Bartlett
abartlet at samba.org
Sun Sep 21 09:06:03 GMT 2003
On Sun, 2003-09-21 at 18:52, Simo Sorce wrote:
> On Fri, 2003-09-19 at 19:10, Jeremy Allison wrote:
> > On Fri, Sep 19, 2003 at 11:18:02AM +0200, Aurélien Degrémont wrote:
> >
> > > IMHO, it is not a good idea to create a second table to store the
> > > records containing lockout time, if it is what you think...
> >
> > Actually it is a very good idea to store the time records
> > separately actually, as they are accessed read/write much
> > more than any other entry.
>
> This should be decided on a passdb backend case.
> Ldap users for example want all to be consistent and stored in ldap,
> ancd makes no sense to have a separate facility to drive that.
> Plus if we want to go on and be finally NT DC compatible we will have to
> store these attributes in SAM and all the utilities we have (net,
> pdbedit, smbpasswd) will be very pleased to have to deal with a single
> facility.
I think we will need both options. Backends (or even the sam system)
should be able to 'switch' between locally-maintained and
centrally-maintained attributes. This is because each and every login
will cause a write, and this can get quite expensive in a single-master
system.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030921/ec4f4cd2/attachment.bin
More information about the samba-technical
mailing list