Kerberos: How can I lock a user who fails to log in after 3 unsuccessful attempts?

Mike Dopheide dopheide at
Mon Jun 26 18:56:10 EDT 2006

To my knowledge there is no built-in mechanism to disable a principal 
after a certain number of failed logins.  If you have preauth enabled you 
could probably patch the KDC or write a script to monitor your logs.

However, without preauth the KDC has no idea whether a login attempt 
(kinit) was successful or not.


> Hi,
> $Subject.
> The client uses Kerberos for authentication.
> My question is: is there anything I can do with the Kerberos server to
> reach this object?
> Or can anything else be helpful in this case?
> Thanks
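The log-monitoring approach suggested in the reply, as an added example that is not part of the original post. It assumes preauth is enabled and a log line shape modelled on MIT krb5 KDC AS_REQ entries; the sample lines, host name and principals are constructed, and `principals_to_lock` is a hypothetical helper name.

```python
import re
from collections import defaultdict

THRESHOLD = 3  # from the question: act after 3 unsuccessful attempts

# Assumed entry shape (modelled on MIT krb5 KDC logging); adjust for your KDC.
AS_REQ = re.compile(
    r"AS_REQ .*? (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"(?:authtime \d+, .*?, )?(?P<client>\S+) for (?P<server>\S+?)(?:,|$)"
)

# Constructed sample log, not taken from a real KDC.
SAMPLE_LOG = """\
Jun 26 18:40:01 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
Jun 26 18:40:02 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity check failed
Jun 26 18:40:09 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity check failed
Jun 26 18:40:15 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.10: ISSUE: authtime 1151362815, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jun 26 18:41:00 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity check failed
Jun 26 18:42:01 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity check failed
Jun 26 18:42:03 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity check failed
Jun 26 18:42:05 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {16 23 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity check failed
"""


def principals_to_lock(lines, threshold=THRESHOLD):
    """Return principals that hit `threshold` consecutive PREAUTH_FAILED entries."""
    streak = defaultdict(int)
    flagged = []
    for line in lines:
        m = AS_REQ.search(line)
        if not m:
            continue
        client, status = m["client"], m["status"]
        if status == "PREAUTH_FAILED":
            streak[client] += 1
            if streak[client] == threshold:
                flagged.append(client)
        elif status == "ISSUE":
            streak[client] = 0  # a ticket was issued, so the streak is over
        # NEEDED_PREAUTH is the normal first leg of a login, not a failure
    return flagged


if __name__ == "__main__":
    for principal in principals_to_lock(SAMPLE_LOG.splitlines()):
        print("consecutive preauth failures reached threshold:", principal)
```

What happens to a flagged principal (disabling it, alerting an operator) is left to the site; the script only identifies candidates.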