Last Successful Login always equals "never"
Marcus Watts
mdw at umich.edu
Fri Apr 18 13:08:51 EDT 2008
Various wrote:
> Date: Fri, 18 Apr 2008 09:24:02 PDT
> To: pachl <clintpachl at gmail.com>
> cc: kerberos at mit.edu
> From: Joshua Hutchins <jdhutchin at ugcs.caltech.edu>
> Subject: Re: Last Successful Login always equals "never"
>
> pachl wrote:
> > When running ``kadmin get <principle>`` for any principle, the "Last
> > successful login" and the "Last failed login" lines always equal
> > "never." What does the "Last successful login" line mean? Where and
> > how would I have to login to change the status of this line from
> > "never"?
> >
> > I have used kinit from from several machines and have also used the
> > system login at the console, which exclusively uses kerberosV (local
> > password file is disabled).
> >
> > All my machines in the Kerberos realm are OpenBSD 4.1 and use Heimdal
> > 0.7.2.
> >
> > -pachl
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> We have the same problem here with Debian and MIT Kerberos Version 5,
> Release 1.6.3 (installed from Debian packages). All our principals
> require pre-auth. We haven't spent any time debugging it, but if
> there's a simple solution, we'd love to know it.
>
> Thanks, Joshua
Besides preauth (which you need to detect failures),
you need to rebuild krb5kdc with
--with-kdc-kdb-update
I don't know how well tested that code is.
It may also have performance constraints in a very large environment.
-Marcus Watts
More information about the Kerberos
mailing list