account lockout after n failed password attempts

Steve Glasser sgla9347 at gmail.com
Sat Dec 12 15:53:26 EST 2009


Hi list,

I was wondering if account lockout after n failed password attempts
was ever successfully implemented with MIT Kerberos?

I know this was discussed several years ago (see:
http://mailman.mit.edu/pipermail/kerberos/2007-December/012705.html).
I haven't seen any  responses more current than that.  It looks like
an inherent design problem because with multiple kdc servers there is
no way to keep a centralized count of failed login attempts.

Btw, does anyone know how Microsoft got around this problem (assuming
they did so), as they do offer account lockout after n failed login
attempts?

Thanks,
-- 
Steve Glasser
sgla9347 at gmail.com



More information about the Kerberos mailing list