Failed Password Attempts
Daniel Henninger
daniel at unity.ncsu.edu
Tue Sep 21 10:03:08 EDT 2004
Folk,
I am pretty sure I already know the answer to this, but wanted to verify
it "for certain". I know that last failed attempt and last successful
attempt are not usable if you have slave kerberos servers. Is that also
true of failed password attempts? (I think yes, it is) In an ideal
world, we may be interested in disabling an account if there are X failed
password attempts in a row, or within a certain time frame, or something
of that nature. Has anyone tried to do something like this with kerberos
and if so, how did you go about it? We can't simply process logs because
we have 6 slaves and randomly load balance across all six of them. We do
put all of the logs together in one location daily, but that just means,
to me, that the only opportunity we'd have to do the failed login checks
would be after that daily upload. Any ideas? Thanks!
Daniel
--
/\\\----------------------------------------------------------------------///\
\ \\\ Daniel Henninger http://www.vorpalcloud.org/ /// /
\_\\\ North Carolina State University - Systems Programmer ///_/
\\\ Information Technology <IT> ///
"""--------------------------------------------------------------"""
More information about the Kerberos
mailing list