Account Lockout Problems with 1.9.1

Tom Parker tparker at cbnco.com
Fri Nov 18 16:48:51 EST 2011


Good Afternoon.

After our upgrade from 1.8.3 to 1.9.1 I am also having problems with
account lockout.  (It was not working under 1.8.3 either, and I was
hoping 1.9.1 would fix it.)

I have my default policy set to 10 password attempts before a lockout.
When a user hits the 10 attempts, the failed attempt counter stops
incrementing and the last failed count stops changing; however, they are
still able to get a TGT and TGS and log in.  The principal has
REQUIRES_PREAUTH set.

If I go into kadmin and modify_principal -unlock <princ> then everything
starts working again (counters and last login times).  It seems that all
the code is working properly EXCEPT the part that says "if this account
is locked, don't give them any tickets".

Thanks for any information you may have.

Tom


