[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Locking of principals after failed logins



On Tue, 22 Apr 2003, Johan Danielsson wrote:

> Andreas Haupt <ahaupt@ifh.de> writes:
>
> > This feature seems to be missing in the kdc or am I just looking at
> > the wrong place?
>
> No, it requires (for any meaningful use) a multi-write database, not
> just the current write-and-push. I suppose it's on the the wish list.
>
> > When examining principals with kadmin get there is a field "Failed
> > login count".
>
> It's never non-zero, about as useful as last success and last failed.

So how can we implement this locking? An idea we have is to rename a
principal after a number of not successful tries (e.g. add the instance
disabled to the principal name).

BTW: I tried to download the perl module Krb5-Kadm5 from the ftp server -
but the server seems to be dead. Is there another one to get it from?
Or does the Authen::Krb5::Admin module for MIT work with Heimdal as well?

Thanks in advance

-- 
Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen