account lockout problem with solaris and active directory
John Hascall
john at iastate.edu
Sat Jul 22 15:36:56 EDT 2006
> tulanian at gmail.com wrote:
> > I don't know if this is a kerberos problem or not. I've gotten kerberos
> > authentication to work on my Solaris 9 box to an Active Directory
> > domain but we're having problem with account lockouts. The threshold in
> > AD is set to 10 failed login attempts, but a single bad password at the
> > unix login prompt generates a flurry of failed attempts via kerberos,
> > locking the account. Does anyone know why this could be happening?
> Could be PAM is trying more then once, or if you are using openssh, it
> cold be trying Password authentication, then PAM.
Also there was a bug in the krb5_get_init_creds_password() routine
that maked it try twice. It seems to have been fixed somewhere in
the 1.3-ish versions.
John
More information about the Kerberos
mailing list