Prematurely locked out by Active Directory
Douglas E. Engert
deengert at anl.gov
Wed Jan 6 17:31:34 EST 2010
Warren Jones wrote:
> Our site has configured Active Directory so that an account is
> temporarily locked after five consecutive failed login attempts. This
> works as expected when I authenticate from a Linux box running MIT
> Kerberos 1.6.3. However, I've noticed a change after updating to
> version 1.7: My account is now locked after a single failed login
> attempt, using either kinit or pam_krb5.
>
> Has anyone else run into this?
>
> I've tried the following combinations:
>
> OS MIT Kerberos Results
> ------------- ------------ --------------------------------
> openSUSE 11.0 1.6.3-50.5 works as expected
> openSUSE 11.2 1.6.3-132.1 works as expected
> openSUSE 11.2 1.7-6.1 account locked after one failure
> openSUSE 11.2 1.7-15.1 account locked after one failure
>
> Any insights will be much appreciated.
I had seen that during testing, and used the attached patch to get around it.
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ad.account.lock.txt
Url: http://mailman.mit.edu/pipermail/kerberos/attachments/20100106/381e37bc/attachment.txt
More information about the Kerberos
mailing list