1 |
On 13 Oct 2008, at 23:21, Alan McKinnon wrote: |
2 |
> ... |
3 |
> Should I be looking into winbind? |
4 |
> Or configure kerberos to join the domain and have all my apps use |
5 |
> that? |
6 |
> Some ldap-proxy type setup? |
7 |
> |
8 |
> Pointers to howtos and opinions on what's worth the effort are all |
9 |
> that I'm |
10 |
> after today - I can read the details in the man pages myself once I |
11 |
> have a |
12 |
> known direction to follow. If my three ideas above sound stupid, |
13 |
> that's |
14 |
> because they probably are :-) |
15 |
|
16 |
I don't think winbind is an answer - I use it myself on an IMAP |
17 |
server, allowing the users to use the same password for their email as |
18 |
they do for the domain, and I don't immediately see how it could be |
19 |
configured to in some way behave in a manner which would alleviate |
20 |
your problem. |
21 |
|
22 |
The solution which seems most obvious to me is to reboot your laptop |
23 |
when changing your domain password (or even just log out?), so that |
24 |
all these services are no longer running in the background with the |
25 |
old password saved. Also, you could perhaps ask your IT department to |
26 |
change their security policy to reduce the number of occasions upon |
27 |
which you need to inconvenience them; instead of 3 attempts locking |
28 |
you out permanently and requiring a manual reset, if they locked you |
29 |
out for only 5 minutes you would perhaps have time to realise there's |
30 |
a problem and fix it. |
31 |
|
32 |
IMO any client being denied access with a "bad password" type response |
33 |
should STOP AND ASK for a corrected password, rather than persistently |
34 |
trying with a user:pass it has been told to be invalid. Is it possible |
35 |
your klient apps are somehow misconfigured? If not, perhaps you should |
36 |
file upstream bugs. |
37 |
|
38 |
Stroller. |