On the AD side, they limit the potential to change the AD password by deploying a modified the msgina.dll. Otherwise, the user still has the ways to throw a wrench in the system, we're just doing our best to limit the opportunity for this action.
On Wed, Aug 14, 2013 at 10:32 AM, Simo Sorce <s...@redhat.com> wrote: > On Wed, 2013-08-14 at 09:48 -0400, Brian Lee wrote: > > Hi Sumit, > > > > > > Thanks for the suggestion. I'll have to give this some thought, since > > we have 100+ AD servers, this might not be well received by the AD > > team. If anyone can think of a better mousetrap than this, let me > > know. > > Do you also block the 'net user' command on Windows clients ? > It's the same as 'passwd' on Linux clients. > > I would address the problem by using proper password policies as I (now) > see Petr recommended i another email. > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > >
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users