[Freeipa-users] Restrict AD users from passwd
Brian Lee
brian_lee1 at jabil.com
Wed Aug 14 14:38:15 UTC 2013
On the AD side, they limit the potential to change the AD password by
deploying a modified the msgina.dll. Otherwise, the user still has the ways
to throw a wrench in the system, we're just doing our best to limit the
opportunity for this action.
On Wed, Aug 14, 2013 at 10:32 AM, Simo Sorce <simo at redhat.com> wrote:
> On Wed, 2013-08-14 at 09:48 -0400, Brian Lee wrote:
> > Hi Sumit,
> >
> >
> > Thanks for the suggestion. I'll have to give this some thought, since
> > we have 100+ AD servers, this might not be well received by the AD
> > team. If anyone can think of a better mousetrap than this, let me
> > know.
>
> Do you also block the 'net user' command on Windows clients ?
> It's the same as 'passwd' on Linux clients.
>
> I would address the problem by using proper password policies as I (now)
> see Petr recommended i another email.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130814/154e7426/attachment.htm>
More information about the Freeipa-users
mailing list