Account Lockout Problems with 1.9.1

Greg Hudson ghudson at MIT.EDU
Sun Nov 20 00:01:45 EST 2011


On 11/19/2011 10:32 PM, Tom Parker wrote:
> Password failure count reset interval: 0

After staring at the code for a while, I believe if you set a reset
interval (it can be very long), things should work as expected.

This appears to be a bug in the LDAP back end code present since lockout
support was written; a reset interval of 0 should be treated as forever
(as it is in the DB2 back end).  It will be fixed in subsequent patch
releases.  Thanks for the help investigating this.

This also explains the mysterious cause of CVE-2011-1528.
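
The reset-interval semantics described in this message, as an added illustration in C that is not code from krb5 or from this post. The struct and function names are hypothetical, and the "literal zero" branch is an assumption about what happens when 0 is compared like any other interval, not the LDAP back end's actual code.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical, simplified policy and per-principal state (not krb5's structs). */
struct policy { unsigned max_fail; time_t reset_interval; };
struct state  { unsigned fail_count; time_t last_failed; };

/* Has the failure count expired at `now`? With zero_means_forever set, an
 * interval of 0 never expires (the behaviour the message says is intended).
 * With it clear, 0 is compared like any other interval (assumed faulty reading). */
static bool count_expired(const struct policy *p, const struct state *s,
                          time_t now, bool zero_means_forever)
{
    if (zero_means_forever && p->reset_interval == 0)
        return false;
    return now > s->last_failed + p->reset_interval;
}

static void record_failure(const struct policy *p, struct state *s,
                           time_t now, bool zero_means_forever)
{
    if (count_expired(p, s, now, zero_means_forever))
        s->fail_count = 0;
    s->fail_count++;
    s->last_failed = now;
}

/* Feed n failed attempts, `gap` seconds apart, and report whether the
 * principal ends up locked (max_fail of 0 means lockout is disabled). */
bool locks_after(unsigned max_fail, time_t reset_interval, unsigned n,
                 time_t gap, bool zero_means_forever)
{
    struct policy p = { max_fail, reset_interval };
    struct state s = { 0, 0 };
    time_t now = 1000;               /* constructed start time */
    for (unsigned i = 0; i < n; i++, now += gap)
        record_failure(&p, &s, now, zero_means_forever);
    return p.max_fail != 0 && s.fail_count >= p.max_fail;
}

int main(void)
{
    printf("interval 0, 0 = forever: locked=%d\n", locks_after(3, 0, 5, 10, true));
    printf("interval 0, 0 = literal: locked=%d\n", locks_after(3, 0, 5, 10, false));
    printf("interval 1 day, literal: locked=%d\n", locks_after(3, 86400, 5, 10, false));
    return 0;
}
```

In this model a literal zero interval resets the count before every failure, so the principal never reaches the lockout threshold, while a long nonzero interval behaves the same under either reading.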


