Prematurely locked out by Active Directory
Warren Jones
wjones at fluke.com
Wed Jan 6 17:20:52 EST 2010
Our site has configured Active Directory so that an account is
temporarily locked after five consecutive failed login attempts. This
works as expected when I authenticate from a Linux box running MIT
Kerberos 1.6.3. However, I've noticed a change after updating to
version 1.7: My account is now locked after a single failed login
attempt, using either kinit or pam_krb5.
Has anyone else run into this?
I've tried the following combinations:
OS MIT Kerberos Results
------------- ------------ --------------------------------
openSUSE 11.0 1.6.3-50.5 works as expected
openSUSE 11.2 1.6.3-132.1 works as expected
openSUSE 11.2 1.7-6.1 account locked after one failure
openSUSE 11.2 1.7-15.1 account locked after one failure
Any insights will be much appreciated.
--
Warren Jones
Fluke Corporation
Please be advised that this email may contain confidential information.
If you are not the intended recipient, please do not read, copy or
re-transmit this email. If you have received this email in error,
please notify us by email by replying to the sender and by telephone
(call us collect at +1 202-828-0850) and delete this message and any
attachments. Thank you in advance for your cooperation and assistance.
In addition, Danaher and its subsidiaries disclaim that the content of
this email constitutes an offer to enter into, or the acceptance of,
any
contract or agreement or any amendment thereto; provided that the
foregoing disclaimer does not invalidate the binding effect of any
digital or other electronic reproduction of a manual signature that is
included in any attachment to this email.
More information about the Kerberos
mailing list