On the AD side, they limit the potential to change the AD password by
deploying a modified the msgina.dll. Otherwise, the user still has the ways
to throw a wrench in the system, we're just doing our best to limit the
opportunity for this action.


On Wed, Aug 14, 2013 at 10:32 AM, Simo Sorce <s...@redhat.com> wrote:

> On Wed, 2013-08-14 at 09:48 -0400, Brian Lee wrote:
> > Hi Sumit,
> >
> >
> > Thanks for the suggestion. I'll have to give this some thought, since
> > we have 100+ AD servers, this might not be well received by the AD
> > team. If anyone can think of a better mousetrap than this, let me
> > know.
>
> Do you also block the 'net user' command on Windows clients ?
> It's the same as 'passwd' on Linux clients.
>
> I would address the problem by using proper password policies as I (now)
> see Petr recommended i another email.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to