Kerberos Lockout Policies.
Dennis Davis
D.H.Davis at bath.ac.uk
Thu Nov 3 07:45:16 EDT 2011
I've been looking at:
http://k5wiki.kerberos.org/wiki/Projects/Lockout
which now seems available with recent versions of Kerberos.
I'm aware that there are disadvantages to using this facility.
Attempting to brute-force the password for a Kerberos principal can
be used as a denial of service attack.
But has anyone set up and is using Kerberos policies that use the
lockout facility? If so, could you give some indication of your
settings (pw_max_fail, pw_failcnt_interval, pw_lockout_duration) and
your experience with this facility?
Feel free to email me directly if the details are considered
sensitive.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis at bath.ac.uk Phone: +44 1225 386101