"Last successful authentication" always set to "never"
Donn Cave
donn at u.washington.edu
Wed Oct 15 13:13:53 EDT 2003
In article <200310141817.NAA24447 at pvtest.ait.iastate.edu>,
john at iastate.edu (John Hascall) wrote:
> > > When you 'configure' kerberos during the build process,
> > > you need to include the '--with-kdc-kdb-update' flag to
> > > enable this. And then you need to put the 'requires_preauth'
> > > attribute on your principals.
[... re propagating success updates between KDCs ]
> We are incrementally updating our slave (as well as our
> W2K-AD and Novell-NDS) so this is not an issue for us.
Yes, I remember that, as we are doing this too (minus the
Novell part), but we only have to deal with passwords.
[... re logs as an alternative source ]
> Without preauth you can't tell a successful from
> unsuccessful attempt.
At all, right? What would `successful authentication' mean
at the KDC in the absence of preauthentication? I am probably
confused about something here.
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list