"Last successful authentication" always set to "never"

Donn Cave donn at u.washington.edu
Tue Oct 14 13:23:02 EDT 2003

In article <200310141443.JAA29694 at pvtest.ait.iastate.edu>,
 john at iastate.edu (John Hascall) wrote:

> > When I do "getprinc" on any principal in our REALM, it prints the
> > attributes "Last successful authentication" and "Last failed
> > authentication" set to value "[never]". Similarly, the value of "Failed
> > password attempts" is "0".
> > Why the system doesn't update that values?
> > Thanks.
> When you 'configure' kerberos during the build process,
> you need to include the '--with-kdc-kdb-update' flag to
> enable this.  And then you need to put the 'requires_preauth'
> attribute on your principals.
> MIT will tell you these features are 'not well tested',
> but they seem to work fine for me.

Requires an update to the database for each authentication, right?
For us, that would be a fairly radical increase in the number of
updates per day.  Seems like there would also be a propagation
issue, since these updates would automatically apply to the master
only if the master is also taking all the authentication requests.

I would get that information from logs, instead.

   Donn Cave, donn at u.washington.edu

More information about the Kerberos mailing list