Last Successful Login always equals "never"

Marcus Watts mdw at umich.edu
Fri Apr 18 13:08:51 EDT 2008


Various wrote:
> Date:    Fri, 18 Apr 2008 09:24:02 PDT
> To:      pachl <clintpachl at gmail.com>
> cc:      kerberos at mit.edu
> From:    Joshua Hutchins <jdhutchin at ugcs.caltech.edu>
> Subject: Re: Last Successful Login always equals "never"
> 
> pachl wrote:
> > When running ``kadmin get <principle>`` for any principle, the "Last
> > successful login" and the "Last failed login" lines always equal
> > "never." What does the "Last successful login" line mean? Where and
> > how would I have to login to change the status of this line from
> > "never"?
> >
> > I have used kinit from from several machines and have also used the
> > system login at the console, which exclusively uses kerberosV (local
> > password file is disabled).
> >
> > All my machines in the Kerberos realm are OpenBSD 4.1 and use Heimdal
> > 0.7.2.
> >
> > -pachl
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >   
> We have the same problem here with Debian and MIT Kerberos Version 5,
> Release 1.6.3 (installed from Debian packages).  All our principals
> require pre-auth.  We haven't spent any time debugging it, but if
> there's a simple solution, we'd love to know it.
> 
> Thanks, Joshua

Besides preauth (which you need to detect failures),
you need to rebuild krb5kdc with
--with-kdc-kdb-update
I don't know how well tested that code is.
It may also have performance constraints in a very large environment.

				-Marcus Watts



More information about the Kerberos mailing list