From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KpVmr-0000bO-Uo for garchives@archives.gentoo.org; Mon, 13 Oct 2008 22:21:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7BD90E034B; Mon, 13 Oct 2008 22:21:12 +0000 (UTC) Received: from qw-out-1920.google.com (qw-out-1920.google.com [74.125.92.148]) by pigeon.gentoo.org (Postfix) with ESMTP id 5489DE034B for ; Mon, 13 Oct 2008 22:21:12 +0000 (UTC) Received: by qw-out-1920.google.com with SMTP id 5so577541qwc.10 for ; Mon, 13 Oct 2008 15:21:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:mime-version:content-type:content-transfer-encoding :content-disposition:message-id; bh=U8p6vRh3zHSkMqaAxeSULFBLgORJiMQWeO+vGZ55Wlk=; b=c/xeSbnFeZDgzre5Hyw/R1v4I3IQZ8v6s6WPj/Km/rNT2g7AHEUi7gHn8FYm6gr+Lq zG9AYCsF2FBkN50L+kTTtgb6QVUsnFfWAxf6vOFs/eyC9tC0OuFqhzJprTaKo9ordDXf 7BD0V71OKeVv7WWtDD0zfdcOWfZji+0Wd9Z2Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; b=f2iQOHYIFl4Rwu2B+nzp4ZoueV4ebSIOwJG4lTaxfkOIXSsNQb8bqOiNNHUPQO2SWA ujWOoYN6LKpTxC9JoWsaUWcGce5+eBkF8G1Zda9YNGc7r04n409vxglvT4klzeyKFncX oJKRq+imN90++2vqHm5jJU0IJpEJnVujcHrgU= Received: by 10.214.149.3 with SMTP id w3mr5783728qad.26.1223936471008; Mon, 13 Oct 2008 15:21:11 -0700 (PDT) Received: from ?10.0.0.6? (dsl-243-231-180.telkomadsl.co.za [41.243.231.180]) by mx.google.com with ESMTPS id 4sm14216216yxj.7.2008.10.13.15.21.08 (version=SSLv3 cipher=RC4-MD5); Mon, 13 Oct 2008 15:21:10 -0700 (PDT) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] Easily coping with a domain password Date: Tue, 14 Oct 2008 00:21:02 +0200 User-Agent: KMail/1.9.10 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200810140021.02583.alan.mckinnon@gmail.com> X-Archives-Salt: 7efecc32-3ea4-44e9-94ef-1dee74e4350b X-Archives-Hash: ec44133d94e156ec4f19592da938dd6b Hi, Some weeks go well, some don't. For me, this one isn't. The AD at work was moaning that I needed to change the password, which I duly did under protest. Then all hell broke loose. 30 seconds later the account was locked. That turned out to be kontact checking Exchange once a minute when I thought I had unset auto checks. Phoned IT, got the account unlocked. And it happened again, this time kwallet had cached something. Fixed by manually going through everything in kwallet, changing all old passwords I found. And I got locked out a third time, which appears to be due to ldap lookups (more than one). $DEITY only knows where these are coming from, I've been doing some experimenting lately.... IT are getting a wee bit upset with me, and this happens regularly once a month but today was especially bad. Methinks I should consolidate all the many apps and URLs that auth against the domain. And I'm wondering how best to do this as I'm clueless about it actually - I normally avoid MS stuff like the plague. Should I be looking into winbind? Or configure kerberos to join the domain and have all my apps use that? Some ldap-proxy type setup? Pointers to howtos and opinions on what's worth the effort are all that I'm after today - I can read the details in the man pages myself once I have a known direction to follow. If my three ideas above sound stupid, that's because they probably are :-) -- alan dot mckinnon at gmail dot com