Univention Bugzilla – Bug 34726
More concrete description for automatic lockout of users after failed login attempts
Last modified: 2019-02-14 12:12:59 CET
"Automatic lockout of users after failed login attempts" lacks some concrete descriptions of which services are getting locked (Samba, Kerberos, LDAP-Bind?) and if/how the system works different when using Samba4.
The chapter should also explain how these faillog settings come together with the Samba lockout settings (with samba3 and samba4).
Created attachment 9732 [details] handbuch-4.3.pdf
Created attachment 9733 [details] handbuch-4.3.pdf
(In reply to Stefan Gohmann from comment #3) > Created attachment 9733 [details] > handbuch-4.3.pdf See PDF file, chapter 6.5. Git branch: stefan/bug34726-lockout Please reopen the issue after the QA. I need to merge and translate these changes.
Created attachment 9757 [details] bug34726.patch Proposal for some small changes.
Thanks, I've applied your patch and I've also translated the section: http://jenkins.knut.univention.de:8080/view/Doku/job/BuildDocBookBranch/48/artifact/webroot/manual-4.3.html#users:faillog If the link is now longer available, you can simple build the Git branch stefan/bug34726-lockout with the following Jenkins job: http://jenkins.knut.univention.de:8080/view/Doku/job/BuildDocBookBranch/ Please reopen the bug after the QA, so that I can merge it to the manual.
Created attachment 9797 [details] qa34726.diff Ok, pretty good, while checking the english version I found three small points could be improved, see attached patch proposal: * IMHO the readability of the Samba part improves when the --lockout-threshold is described as first option, before the --lockout-duration. * The purpose of the --reset-account-lockout-after option was hard to understand and I've made it a bit more explicit. * Likewise the interaction of PAM global account lock (actually account disable) and local lockout via listener was a bit tough to read if you don't know the implementation details. If you think that this makes sense you may merge it.
(In reply to Arvid Requate from comment #7) > Created attachment 9797 [details] > qa34726.diff [...] > If you think that this makes sense you may merge it. Yes, that makes sense. Thanks. I've merged everything to UCS 4.3-3 and 4.4-0. I set this issue to verified.
(In reply to Stefan Gohmann from comment #8) > I've merged everything to UCS 4.3-3 and 4.4-0. I set this issue to verified.
[master] dd16110 Bug #46874,Bug #32277,Bug #36733,Bug #39556,Bug #40162,Bug #41684,Bug #34726,Bug #41305,Bug #36869: PUBLISH