find inactive accounts
John Hascall
john at iastate.edu
Wed Jan 20 09:15:37 EST 2010
> On Jan 20, 2010, at 08:47, John Hascall wrote:
> > What I would do is:
> > 1) make sure my KDCs were configured "--with-kdc-kdb-update" when
> > built
>
> Last I looked, this information still gets stored locally on each KDC,
> and is overwritten when the master->slave propagation happens. So a
> successful "login" that happened to use a slave KDC might go unnoticed.
Ah yes, I'd forgotten that.
So:
1a) I would use an incremental propagation technique.
and
1b) I'd bug the Kerb team to fix this :)
John
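
The caveat in this thread, as an added example (not code from the original message or from MIT Kerberos): because each KDC keeps its own "Last successful authentication" value, an inactivity check has to take the newest value across every KDC, not just the master. The hostnames, principals and timestamps are constructed, the text follows the `kadmin` `getprinc` layout trimmed to the two fields used, and it assumes each snapshot was captured before propagation replaced that KDC's database.

```python
import re
from datetime import datetime, timedelta
# Constructed sample: getprinc excerpts gathered from each KDC (hypothetical
# hostnames and principals), captured before propagation overwrote the slave.
SNAPSHOTS = {
    "kdc-master": """\
Principal: alice@EXAMPLE.ORG
Last successful authentication: Mon Jun 15 10:00:00 EST 2009
Principal: bob@EXAMPLE.ORG
Last successful authentication: Mon Nov 02 08:30:00 EST 2009
Principal: carol@EXAMPLE.ORG
Last successful authentication: [never]
""",
    "kdc-slave1": """\
Principal: alice@EXAMPLE.ORG
Last successful authentication: Mon Jan 18 14:05:12 EST 2010
Principal: bob@EXAMPLE.ORG
Last successful authentication: [never]
Principal: carol@EXAMPLE.ORG
Last successful authentication: [never]
""",
}
FIELD = re.compile(r"^(Principal|Last successful authentication):\s*(.+)$", re.M)

def parse_snapshot(text):
    """Return {principal: datetime or None} from getprinc-style text."""
    seen, current = {}, None
    for key, value in FIELD.findall(text):
        if key == "Principal":
            current = value.strip()
        elif current is not None:
            parts = value.split()
            # Drop weekday and zone name; assumes every KDC logs in one zone.
            seen[current] = (None if value.strip() == "[never]" else
                datetime.strptime(" ".join(parts[1:4] + parts[5:]), "%b %d %H:%M:%S %Y"))
    return seen

def merged_last_success(snapshots):
    """Newest successful authentication per principal across all KDCs."""
    merged = {}
    for text in snapshots.values():
        for princ, when in parse_snapshot(text).items():
            best = merged.get(princ)
            merged[princ] = when if best is None else (best if when is None else max(best, when))
    return merged

def inactive(snapshots, now, max_idle=timedelta(days=90)):
    """Principals with no success on any KDC within max_idle of now."""
    return sorted(p for p, when in merged_last_success(snapshots).items()
                  if when is None or now - when > max_idle)
```

Run against the master's snapshot alone, `inactive` also reports alice, whose recent login was recorded only on the slave.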