Failed Password Attempts

Daniel Henninger daniel at
Tue Sep 21 10:03:08 EDT 2004


I am pretty sure I already know the answer to this, but wanted to verify 
it "for certain".  I know that last failed attempt and last successful 
attempt are not usable if you have slave Kerberos servers.  Is that also 
true of failed password attempts?  (I think yes, it is)  In an ideal 
world, we may be interested in disabling an account if there are X failed 
password attempts in a row, or within a certain time frame, or something 
of that nature.  Has anyone tried to do something like this with Kerberos 
and if so, how did you go about it?  We can't simply process logs because 
we have 6 slaves and randomly load balance across all six of them.  We do 
put all of the logs together in one location daily, but that just means, 
to me, that the only opportunity we'd have to do the failed login checks 
would be after that daily upload.  Any ideas?  Thanks!


Daniel Henninger
  North Carolina State University - Systems Programmer
     Information Technology
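
Added example, not part of the original post: one way to count failed attempts realm-wide once the logs from all load-balanced KDCs are in one place, flagging a principal after X failures in a row within a time window. The record layout, KDC names, principals and thresholds are constructed assumptions (three KDCs stand in for the six), and it assumes the KDC clocks are synchronized closely enough for timestamps to be compared.

```python
import heapq
from collections import defaultdict, deque
from datetime import datetime, timedelta

DAY = "2004-09-21T"  # constructed date for the sample data
A, B, C = "alice@EXAMPLE.EDU", "bob@EXAMPLE.EDU", "carol@EXAMPLE.EDU"

# Constructed sample events, one chronological list per KDC, already parsed
# into (time, principal, result). This layout is an assumption, not a real
# KDC log format; a site-specific parser would produce it.
KDC_LOGS = {
    "kdc1": [("10:00:05", A, "FAIL"), ("10:02:00", B, "FAIL"),
             ("10:03:20", B, "FAIL"), ("10:05:00", C, "FAIL")],
    "kdc2": [("10:00:40", A, "FAIL"), ("10:02:30", B, "OK"),
             ("10:12:00", C, "FAIL")],
    "kdc3": [("10:00:20", A, "FAIL"), ("10:02:10", B, "FAIL"),
             ("10:03:00", B, "FAIL"), ("10:19:00", C, "FAIL")],
}

def merged(logs):
    """Merge the per-KDC lists into one stream ordered by timestamp."""
    streams = ([(datetime.fromisoformat(DAY + t), kdc, princ, res)
                for t, princ, res in events] for kdc, events in logs.items())
    return heapq.merge(*streams)

def flag_principals(logs, max_failures=3, window=timedelta(minutes=10)):
    """Return {principal: time the threshold was crossed}.

    A principal is flagged after max_failures consecutive failures (no
    success in between) that all fall within `window`, counted realm-wide.
    """
    recent = defaultdict(deque)  # principal -> failure times since last success
    flagged = {}
    for when, _kdc, princ, result in merged(logs):
        fails = recent[princ]
        if result == "OK":
            fails.clear()  # a success ends the run of failures
            continue
        fails.append(when)
        while when - fails[0] > window:  # drop failures older than the window
            fails.popleft()
        if len(fails) >= max_failures:
            flagged.setdefault(princ, when)
    return flagged

if __name__ == "__main__":
    print("all KDCs:", flag_principals(KDC_LOGS))
    for kdc, events in KDC_LOGS.items():
        print(kdc, "alone:", flag_principals({kdc: events}))
```

In the sample data no single KDC sees more than two failures for any principal, so only the merged view crosses the threshold.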

