[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Locking of principals after failed logins
On Tue, 22 Apr 2003, Johan Danielsson wrote:
> Andreas Haupt <ahaupt@ifh.de> writes:
>
> > This feature seems to be missing in the kdc or am I just looking at
> > the wrong place?
>
> No, it requires (for any meaningful use) a multi-write database, not
> just the current write-and-push. I suppose it's on the the wish list.
>
> > When examining principals with kadmin get there is a field "Failed
> > login count".
>
> It's never non-zero, about as useful as last success and last failed.
But these are essantial features partial! Are there roadmaps where I can
discover when they will be implemented? When I look at the following
output lots of field are useless.
kadmin> get ahaupt
Principal: ahaupt@IFH.DE
Principal expires: never
Password expires: never
Last password change: never
Max ticket life: 1 day 1 hour
Max renewable life: unlimited
Kvno: 7
Mkvno: 0
Policy: none <- unimplemented?
Last successful login: never <- unimplemented
Last failed login: never <- unimplemented
Failed login count: 0 <- unimplemented
Last modified: 2001-02-05 10:31:13 UTC
Modifier: registry@IFH.DE
Attributes:
Keytypes(salttype[(salt-value)]): des-cbc-md5(afs3-salt(ifh.de)),
des-cbc-md4(afs3-salt(ifh.de)), des-cbc-crc(afs3-salt(ifh.de))
These are really disadvantages in comparison with the OpenAFS kaserver.
I now want to ask all members of this list, who successfully migrated to
Kerberos5. What are the "killer advantages" of heimdal's kdc in comparison
to the AFS kaserver. Why did you switch?
Thanks in advance
--
Andreas Haupt E-Mail: ahaupt@ifh.de
DESY Zeuthen
Platanenallee 6
15738 Zeuthen