On 08/14/2015 10:25 AM, Howard Chu wrote:

I've added a pwdMaxRecordedFailure attribute to the policy schema. Overloading pwdMaxFailure would be a mistake.

MaxRecordedFailure will default to MaxFailure if that is set. It defaults to 5 if nothing is set. There's no good reason to allow the timestamps to accumulate without bound.

This is now available for testing in git master.

Tested on Ubuntu 14.04, works great. Thanks again Howard!

-Kartik