account lockout problem with solaris and active directory

John Hascall john at iastate.edu
Sat Jul 22 15:36:56 EDT 2006



> tulanian at gmail.com wrote:
> > I don't know if this is a kerberos problem or not. I've gotten kerberos
> > authentication to work on my Solaris 9 box to an Active Directory
> > domain but we're having problem with account lockouts. The threshold in
> > AD is set to 10 failed login attempts, but a single bad password at the
> > unix login prompt generates a flurry of failed attempts via kerberos,
> > locking the account. Does anyone know why this could be happening?

> Could be PAM is trying more then once, or if you are using openssh, it
> cold be trying Password authentication, then PAM.

Also there was a bug in the krb5_get_init_creds_password() routine
that maked it try twice.  It seems to have been fixed somewhere in
the 1.3-ish versions.

John



More information about the Kerberos mailing list