Account Lockout Problems with 1.9.1
Tom Parker
tparker at cbnco.com
Fri Nov 18 16:48:51 EST 2011
Good Afternoon.
After our upgrade from 1.8.3 to 1.9.1 I am also having problems with
account lockout. (It was not working under 1.8.3 either and I was
hoping 1.9.1 would fix it)
I have my default policy set to 10 password attempts before a lockout.
When a user hits the 10 attempts, the failed attempt counter stops
incrementing, the last failed count stops changing however they are
still able to get a TGT and TGS and log in. The principal has
REQUIRES_PREAUTH set.
If I go into kadmin and modify_principal -unlock <princ> then everything
starts working again (counters and last login times). It seems that all
the code is working properly EXCEPT the part that says "if this account
is locked, don't give them any tickets"
Thanks for any information you may have.
Tom
More information about the Kerberos
mailing list