"Last successful authentication" always set to "never"
John Hascall
john at iastate.edu
Tue Oct 14 10:43:46 EDT 2003
> When I do "getprinc" on any principal in our REALM, it prints the
> attributes "Last successful authentication" and "Last failed
> authentication" set to value "[never]". Similarly, the value of "Failed
> password attempts" is "0".
> Why the system doesn't update that values?
> Thanks.
When you 'configure' kerberos during the build process,
you need to include the '--with-kdc-kdb-update' flag to
enable this. And then you need to put the 'requires_preauth'
attribute on your principals.
MIT will tell you these features are 'not well tested',
but they seem to work fine for me.
John
More information about the Kerberos
mailing list