On Fri, 2003-03-28 at 06:58, David Collier-Brown -- Customer Engineering wrote:
> Remember, this opens up a new vulnerability, to denial
> of service attacks. See, for example
> http://www.uksecurityonline.com/threat/password.php
>
> If you're implementing this, implement the approved strategy,
> also used by NT, of locking it for a settable period, and
> not locking out privileged accounts.
>
> From
> http://calnetad.berkeley.edu/documentation/technical/uc_domain_policy.html
>
> Account lockout duration
> Sets the number of minutes an account will be locked out.
> Allowable values are 0 (account is locked out until
> administrator unlocks it) or between 1 and 99999 minutes.
>
> WARNING: Setting this value to 0 (until administrator
> unlocks) may allow a potential denial of service attack.
> It is important to note that the built-in Administrator
> account cannot be locked out.

Once these issues are sorted, I'm inclined to apply this patch!

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
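
The lockout strategy described in the quoted text (a settable duration, 0 meaning locked until an administrator unlocks, privileged accounts exempt), as an added example that is not part of the original message or of the Samba patch under discussion. All struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <time.h>

/* Hypothetical policy and account records, for illustration only. */
struct lockout_policy {
    unsigned threshold;        /* failed logons before lockout (>= 1) */
    unsigned duration_minutes; /* 0 = until an administrator unlocks; else 1..99999 */
};

struct account {
    bool privileged;     /* exempt from lockout, like the built-in Administrator */
    unsigned bad_count;  /* consecutive failed logons */
    bool locked;
    time_t locked_at;
};

/* True if the account is locked at time `now`; expires a timed lockout. */
bool account_is_locked(const struct lockout_policy *p, struct account *a, time_t now)
{
    if (!a->locked)
        return false;
    if (p->duration_minutes != 0 &&
        now - a->locked_at >= (time_t)p->duration_minutes * 60) {
        a->locked = false;   /* timed lockout has elapsed */
        a->bad_count = 0;
    }
    return a->locked;
}

/* Record a failed logon; lock non-privileged accounts at the threshold. */
void record_failure(const struct lockout_policy *p, struct account *a, time_t now)
{
    if (account_is_locked(p, a, now))
        return;              /* already locked: failures do not extend the lockout */
    a->bad_count++;
    if (!a->privileged && a->bad_count >= p->threshold) {
        a->locked = true;
        a->locked_at = now;
    }
}

/* Administrator action: the only way out when duration_minutes == 0. */
void admin_unlock(struct account *a)
{
    a->locked = false;
    a->bad_count = 0;
}
```

With `duration_minutes` set to 0, anyone able to submit `threshold` bad passwords keeps a user locked out until an administrator intervenes, which is the denial of service the quoted warning describes.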