tis 2009-09-08 klockan 17:54 +0200 skrev apmailist@xxxxxxx: > Still, is it possible to present specific autentication schemes depending on the > useragent ? Not yet. > Maybe I didn't explain clearly : it's not the migration process in itself that > worries us. It's the everyday use of the future AD authentication : Accounts > getting locked too often. > As anybody had such accounts locking problems ? If so, Could they share with us > how they prevented these lockouts from happening ? >From what I remember AD allows for bad NTLM logins with an old password for quite some time without locking the account, to avoid the issue with shares/applications continuing using the old password after the user have changed his password. But if using Negotiate (kerberos) then this pretty much should be a non-issue as Kerberos is ticket based and not directly derived from the password, or at least that's my understanding. Regards Henrik
