question about KRB5_KDB_DISALLOW_ALL_TIX attribute

Dave Steiner steiner at
Thu Feb 7 16:38:53 EST 2002

We've been running Kerberos here at the University for a number of
years.  We've made a few changes to the code over that time and one of
the changes is that we don't lock out principals after N failed

We are now going to start using the lockout code that's in the kdc but
we'd like some way to identify the people who are locked out (so we
can either contact them, semi-automate a +allow_tix, etc). 
Unfortunately, I haven't found any easy way of getting a list of
locked-out people except to do a dump of the database and check the
attributes of each entry in the dump.

Does anyone have an easier way to get this information or am I stuck
with the dump method?
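
The dump-and-check approach described in the message above, as an added example that is not part of the original post: it scans `kdb5_util dump` text for entries whose attribute word has KRB5_KDB_DISALLOW_ALL_TIX (0x40) set. The tab-separated field positions and the sample records are assumptions made for this example; check them against a dump from your own KDC version before relying on the output.

```python
import sys

KRB5_KDB_DISALLOW_ALL_TIX = 0x00000040  # the bit that "+allow_tix" clears

# Assumed layout of a "princ" record in the dump (tab-separated):
# princ, base_len, name_len, n_tl_data, n_key_data, e_length, name,
# attributes, max_life, max_renewable_life, expiration, pw_expiration,
# last_success, last_failed, fail_auth_count, <tl_data and key data...>
NAME_FIELD = 6
ATTR_FIELD = 7
FAIL_COUNT_FIELD = 14


def locked_principals(lines):
    """Yield (name, fail_auth_count) for entries with DISALLOW_ALL_TIX set."""
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if fields[0] != "princ" or len(fields) <= FAIL_COUNT_FIELD:
            continue  # header line, policy record, or truncated entry
        try:
            attrs = int(fields[ATTR_FIELD])
            fails = int(fields[FAIL_COUNT_FIELD])
        except ValueError:
            continue  # not the layout assumed above; skip rather than guess
        if attrs & KRB5_KDB_DISALLOW_ALL_TIX:
            yield fields[NAME_FIELD], fails


# Constructed sample records (key and tl_data fields left out for brevity).
SAMPLE_DUMP = [
    "kdb5_util load_dump version 4\n",
    "princ\t38\t17\t0\t0\t0\talice@EXAMPLE.EDU\t64\t36000\t604800\t0\t0\t0\t1013117933\t5\t-1;\n",
    "princ\t38\t15\t0\t0\t0\tbob@EXAMPLE.EDU\t128\t36000\t604800\t0\t0\t1013117000\t0\t0\t-1;\n",
    "princ\t38\t17\t0\t0\t0\tcarol@EXAMPLE.EDU\t192\t36000\t604800\t0\t0\t0\t1013110000\t3\t-1;\n",
    "policy\tdefault\t0\t0\t8\t1\t1\t0\n",
]

if __name__ == "__main__":
    # Reads dump text on stdin and prints one flagged principal per line.
    for name, fails in locked_principals(sys.stdin):
        print(f"{name}\tfail_auth_count={fails}")
```

The flag alone does not say why tickets are disallowed, so an entry an administrator disabled by hand shows up in the same list; the failure count printed beside each name helps tell the two apart.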

