"Last successful authentication" always set to "never"
Donn Cave
donn at u.washington.edu
Tue Oct 14 13:23:02 EDT 2003
In article <200310141443.JAA29694 at pvtest.ait.iastate.edu>,
john at iastate.edu (John Hascall) wrote:
> > When I do "getprinc" on any principal in our REALM, it prints the
> > attributes "Last successful authentication" and "Last failed
> > authentication" set to value "[never]". Similarly, the value of "Failed
> > password attempts" is "0".
> > Why doesn't the system update those values?
> > Thanks.
>
> When you 'configure' kerberos during the build process,
> you need to include the '--with-kdc-kdb-update' flag to
> enable this. And then you need to put the 'requires_preauth'
> attribute on your principals.
>
> MIT will tell you these features are 'not well tested',
> but they seem to work fine for me.
Requires an update to the database for each authentication, right?
For us, that would be a fairly radical increase in the number of
updates per day. Seems like there would also be a propagation
issue, since these updates would automatically apply to the master
only if the master is also taking all the authentication requests.
I would get that information from logs, instead.
Donn Cave, donn at u.washington.edu
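As an added example (not part of the original post, and not MIT Kerberos code), here is one way to derive the three `getprinc` fields from KDC logs merged across the master and a replica, as the reply suggests. The log line shape, hosts, principals and addresses are constructed and assume MIT krb5kdc syslog output; resetting the failure count on success is also an assumption.

```python
import re
from datetime import datetime

# Assumed line shape (modelled on MIT krb5kdc syslog output):
# "<Mon DD HH:MM:SS> <host> krb5kdc[pid](info): AS_REQ (...) <ip>: <STATUS>: ... <client> for <service>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ krb5kdc\[\d+\]\(\w+\): "
    r"AS_REQ .*? (?P<ip>[\d.]+): (?P<status>[A-Z_]+): "
    r"(?:.*?, )?(?P<client>\S+@\S+) for "
)

# Constructed sample lines, one list per KDC (hypothetical hosts kdc1, kdc2).
PFX = "krb5kdc[311](info): AS_REQ (4 etypes {18 17 16 23})"
TGT = "krbtgt/EXAMPLE.COM@EXAMPLE.COM"
MASTER_LOG = [
    f"Oct 14 13:20:01 kdc1 {PFX} 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.COM for {TGT}, Additional pre-authentication required",
    f"Oct 14 13:20:01 kdc1 {PFX} 192.0.2.10: ISSUE: authtime 1066152001, etypes {{rep=18 tkt=18 ses=18}}, alice@EXAMPLE.COM for {TGT}",
    f"Oct 14 13:21:05 kdc1 {PFX} 192.0.2.11: PREAUTH_FAILED: bob@EXAMPLE.COM for {TGT}, Decrypt integrity check failed",
]
REPLICA_LOG = [
    f"Oct 14 13:21:30 kdc2 {PFX} 192.0.2.11: PREAUTH_FAILED: bob@EXAMPLE.COM for {TGT}, Decrypt integrity check failed",
    f"Oct 14 13:22:40 kdc2 {PFX} 192.0.2.10: ISSUE: authtime 1066152160, etypes {{rep=18 tkt=18 ses=18}}, alice@EXAMPLE.COM for {TGT}",
]

def summarize(lines, year):
    """Return {principal: last_success, last_failure, failed_attempts} from merged KDC logs."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["status"] not in ("ISSUE", "PREAUTH_FAILED"):
            continue  # NEEDED_PREAUTH is the normal first leg of preauth, not a failure
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((when, m["client"], m["status"]))
    summary = {}
    for when, client, status in sorted(events):  # chronological across all KDCs
        rec = summary.setdefault(
            client, {"last_success": None, "last_failure": None, "failed_attempts": 0})
        if status == "ISSUE":
            rec["last_success"] = when
            rec["failed_attempts"] = 0  # assumption: counter resets on success
        else:
            rec["last_failure"] = when
            rec["failed_attempts"] += 1
    return summary

if __name__ == "__main__":
    for princ, rec in summarize(MASTER_LOG + REPLICA_LOG, 2003).items():
        print(princ, rec)
```

Because the events are sorted after merging, a success recorded only on the replica still counts, which sidesteps the propagation issue raised in the reply.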