"Last successful authentication" always set to "never"

Donn Cave donn at u.washington.edu
Wed Oct 15 13:13:53 EDT 2003

In article <200310141817.NAA24447 at pvtest.ait.iastate.edu>,
 john at iastate.edu (John Hascall) wrote:

> > > When you 'configure' kerberos during the build process,
> > > you need to include the '--with-kdc-kdb-update' flag to
> > > enable this.  And then you need to put the 'requires_preauth'
> > > attribute on your principals.

[... re propagating success updates between KDCs ]
>      We are incrementally updating our slave (as well as our
>      W2K-AD and Novell-NDS) so this is not an issue for us.

Yes, I remember that, as we are doing this too (minus the
Novell part), but we only have to deal with passwords.

[... re logs as an alternative source ]
>      Without preauth you can't tell a successful from
>      unsuccessful attempt.

At all, right?  What would `successful authentication' mean
at the KDC in the absence of preauthentication?  I am probably
confused about something here.

   Donn Cave, donn at u.washington.edu

More information about the Kerberos mailing list