On the AD side, they limit the potential to change the AD password by
deploying a modified the msgina.dll. Otherwise, the user still has the ways
to throw a wrench in the system, we're just doing our best to limit the
opportunity for this action.
On Wed, Aug 14, 2013 at 10:32 AM, Simo Sorce <s...@redhat.com> wrote:
> On Wed, 2013-08-14 at 09:48 -0400, Brian Lee wrote:
> > Hi Sumit,
> > Thanks for the suggestion. I'll have to give this some thought, since
> > we have 100+ AD servers, this might not be well received by the AD
> > team. If anyone can think of a better mousetrap than this, let me
> > know.
> Do you also block the 'net user' command on Windows clients ?
> It's the same as 'passwd' on Linux clients.
> I would address the problem by using proper password policies as I (now)
> see Petr recommended i another email.
> Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list