How to lock/unlock the user principal

Kenneth Grady klg at lanl.gov
Tue Jan 15 09:57:31 EST 2008


It's an undocumented feature that you need to specify when building
Kerberos named something like updates database. And the "kadmin modprinc
(+-)allow_tix principal at realm" allows you to enable/disable the account.
I believe the number of failed attempts before blacklisting is kept in
the kdc.conf file.

Ido Levy wrote:
> Hello All,
>
> Is there a way to lock the user principal in case of unsuccessful logins ?
> If yes what is the way to unlock the user ?
>
> When issuing getprinc one of the fields is "Failed password attempts:"
> Is there a way to use this field ?
>
> Is this mechanism relates to Kerberos or to LDAP ?
>
> Thanks,
>
> Ido Levy
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3007 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080115/492a6cf7/attachment.bin


More information about the Kerberos mailing list