tis 2009-09-08 klockan 17:54 +0200 skrev apmailist_at_free.fr:
> Still, is it possible to present specific autentication schemes depending on the
> useragent ?
Not yet.
> Maybe I didn't explain clearly : it's not the migration process in itself that
> worries us. It's the everyday use of the future AD authentication : Accounts
> getting locked too often.
> As anybody had such accounts locking problems ? If so, Could they share with us
> how they prevented these lockouts from happening ?
>From what I remember AD allows for bad NTLM logins with an old password
for quite some time without locking the account, to avoid the issue with
shares/applications continuing using the old password after the user
have changed his password.
But if using Negotiate (kerberos) then this pretty much should be a
non-issue as Kerberos is ticket based and not directly derived from the
password, or at least that's my understanding.
Regards
Henrik
Received on Wed Sep 09 2009 - 00:36:32 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 09 2009 - 12:00:02 MDT