This has some downsides, you understand: you can lock someone else out of their account by making a bunch of attempts to log in as them. Don't want root tracking your break-in attempts? Lock him out first!
If you do go down this path, consider a) doing it in a PAM module, so the same policy applies to Samba as to all other logins, and b) setting a short delay (say, 10 minutes) when someone tries to log in, not a unilateral lockout, and notifying root by email.
--dave
Jianliang Lu wrote:
Hi,
I'm looking at "bad attempt lockout" on samba3.0 a22. My opinion is to introduce a new variable "uint32 bad_pw_counts" in the struct user_data of SAM_ACCOUNT. So in auth.c, in the routine check_ntlm_password(), I can check the bad passwords attempted against the AP_BAD_ATTEMPT_LOCKOUT; if it were more than that, I will lock the user.
I'd like to have your suggestions on this issue, especially to know where I can put the count of the bad_pw_counts.
Jianliang Lu
TieSse s.p.a.
Via Jervis, 60
10015 Ivrea (To)
ITALY
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
David Collier-Brown,      | Always do right. This will gratify
Sun Microsystems DCMO     | some people and astonish the rest.
Toronto, Ontario          |
(905) 415-2849 or x52849  | [EMAIL PROTECTED]
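
The time-limited delay suggested in the reply, as an added example that is not part of the original thread and is not Samba code: a bad-password counter whose lockout expires on its own, so an attacker who trips it can deny the owner access only for a bounded window. The struct, the threshold of 5 and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define MAX_BAD_ATTEMPTS 5     /* assumed threshold */
#define LOCKOUT_SECS (10 * 60) /* the 10-minute delay suggested in the reply */

/* Hypothetical per-account state; not Samba's SAM_ACCOUNT layout. */
struct acct_state {
    uint32_t bad_pw_count; /* consecutive failed attempts */
    time_t locked_until;   /* 0 when no delay is active */
    bool notify_admin;     /* set when a delay starts; a mail hook would read it */
};

enum login_result { LOGIN_OK, LOGIN_BAD_PASSWORD, LOGIN_DELAYED };

/* password_ok is the verdict of the real password check, passed in so the
 * policy can be exercised without a password database. */
enum login_result try_login(struct acct_state *a, bool password_ok, time_t now)
{
    if (a->locked_until != 0) {
        if (now < a->locked_until)
            return LOGIN_DELAYED; /* refused; attempts here do not extend the delay */
        a->locked_until = 0;      /* delay expired: account recovers on its own */
        a->bad_pw_count = 0;
    }
    if (password_ok) {
        a->bad_pw_count = 0;
        return LOGIN_OK;
    }
    if (++a->bad_pw_count >= MAX_BAD_ATTEMPTS) {
        a->locked_until = now + LOCKOUT_SECS;
        a->notify_admin = true;
    }
    return LOGIN_BAD_PASSWORD;
}

int main(void)
{
    struct acct_state a = {0};
    time_t t0 = 1000; /* constructed timeline, in seconds */
    for (int i = 0; i < MAX_BAD_ATTEMPTS; i++)
        try_login(&a, false, t0);
    printf("1 min later, correct password: %d\n", try_login(&a, true, t0 + 60));
    printf("after delay, correct password: %d\n", try_login(&a, true, t0 + LOCKOUT_SECS));
    return 0;
}
```

Even the correct password is refused while the delay is active, which is the bounded form of the lock-out-someone-else downside raised in the reply.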