| 1 |
On 13 Oct 2008, at 23:21, Alan McKinnon wrote: |
| 2 |
> ... |
| 3 |
> Should I be looking into winbind? |
| 4 |
> Or configure kerberos to join the domain and have all my apps use |
| 5 |
> that? |
| 6 |
> Some ldap-proxy type setup? |
| 7 |
> |
| 8 |
> Pointers to howtos and opinions on what's worth the effort are all |
| 9 |
> that I'm |
| 10 |
> after today - I can read the details in the man pages myself once I |
| 11 |
> have a |
| 12 |
> known direction to follow. If my three ideas above sound stupid, |
| 13 |
> that's |
| 14 |
> because they probably are :-) |
| 15 |
|
| 16 |
I don't think winbind is an answer - I use it myself on an IMAP |
| 17 |
server, allowing the users to use the same password for their email as |
| 18 |
they do for the domain, and I don't immediately see how it could be |
| 19 |
configured to in some way behave in a manner which would alleviate |
| 20 |
your problem. |
| 21 |
|
| 22 |
The solution which seems most obvious to me is to reboot your laptop |
| 23 |
when changing your domain password (or even just log out?), so that |
| 24 |
all these services are no longer running in the background with the |
| 25 |
old password saved. Also, you could perhaps ask your IT department to |
| 26 |
change their security policy to reduce the number of occasions upon |
| 27 |
which you need to inconvenience them; instead of 3 attempts locking |
| 28 |
you out permanently and requiring a manual reset, if they locked you |
| 29 |
out for only 5 minutes you would perhaps have time to realise there's |
| 30 |
a problem and fix it. |
| 31 |
|
| 32 |
IMO any client being denied access with a "bad password" type response |
| 33 |
should STOP AND ASK for a corrected password, rather than persistently |
| 34 |
trying with a user:pass it has been told to be invalid. Is it possible |
| 35 |
your klient apps are somehow misconfigured? If not, perhaps you should |
| 36 |
file upstream bugs. |
| 37 |
|
| 38 |
Stroller. |
Archives