From: Stroller
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Easily coping with a domain password
Date: Tue, 14 Oct 2008 12:52:36 +0100
Message-Id: <62A4E0CF-2489-4779-A73E-78B23941F626@stellar.eclipse.co.uk>
In-Reply-To: <200810140021.02583.alan.mckinnon@gmail.com>

On 13 Oct 2008, at 23:21, Alan McKinnon wrote:

> ...
> Should I be looking into winbind?
> Or configure kerberos to join the domain and have all my apps use that?
> Some ldap-proxy type setup?
>
> Pointers to howtos and opinions on what's worth the effort are all that I'm
> after today - I can read the details in the man pages myself once I have a
> known direction to follow. If my three ideas above sound stupid, that's
> because they probably are :-)

I don't think winbind is an answer - I use it myself on an IMAP server, allowing the users to use the same password for their email as they do for the domain, and I don't immediately see how it could be configured to in some way behave in a manner which would alleviate your problem.

The solution which seems most obvious to me is to reboot your laptop when changing your domain password (or even just log out?), so that all these services are no longer running in the background with the old password saved.

Also, you could perhaps ask your IT department to change their security policy to reduce the number of occasions upon which you need to inconvenience them; instead of 3 attempts locking you out permanently and requiring a manual reset, if they locked you out for only 5 minutes you would perhaps have time to realise there's a problem and fix it.

IMO any client being denied access with a "bad password" type response should STOP AND ASK for a corrected password, rather than persistently trying with a user:pass it has been told to be invalid. Is it possible your klient apps are somehow misconfigured? If not, perhaps you should file upstream bugs.

Stroller.
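
Added example (not part of Stroller's message or the original thread): a small Python simulation of the lockout behaviour discussed above, comparing a background client that keeps retrying a stale saved password with one that stops on the first "bad password" response, under a permanent and a 5-minute lockout. The Account class, the run_client function, the passwords and the 60-second polling interval are constructed for illustration.

```python
import hmac


class Account:
    """Constructed model of a domain account with a failed-login lockout policy."""

    def __init__(self, password, max_failures=3, lock_seconds=None):
        self.password = password
        self.max_failures = max_failures   # 3 attempts, as in the message
        self.lock_seconds = lock_seconds   # None = locked until a manual reset
        self.failures = 0
        self.locked_at = None

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        if self.lock_seconds is not None and now - self.locked_at >= self.lock_seconds:
            self.locked_at, self.failures = None, 0   # timed lockout has expired
            return False
        return True

    def login(self, password, now):
        if self.is_locked(now):
            return "locked"
        if hmac.compare_digest(password.encode(), self.password.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_at = now
        return "bad_password"


def run_client(account, saved_password, stop_on_bad_password, interval=60, duration=900):
    """Background service polling with a saved password.

    Returns (attempts made, whether the account is locked at the end)."""
    attempts = 0
    for now in range(0, duration, interval):
        attempts += 1
        result = account.login(saved_password, now)
        if result == "bad_password" and stop_on_bad_password:
            break   # stop and ask the user instead of retrying a rejected password
    return attempts, account.is_locked(duration)


if __name__ == "__main__":
    for label, stop in (("keeps retrying", False), ("stops and asks", True)):
        print(label, run_client(Account("new-pass"), "old-pass", stop))
```

With the retrying client the third failure locks the account two minutes after the password change; the client that stops after one rejection leaves two attempts in hand for the user to enter the new password.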