Account Lockout Problems with 1.9.1
Tom Parker
tparker at cbnco.com
Sun Nov 20 00:20:10 EST 2011
Thank you!
I have set my Password failure count reset interval to 3600 and as you
said everything is working as expected.
After 10 failed attempts I now get
tparker at tparker:~> kinit
kinit: Clients credentials have been revoked while getting initial
credentials
Thanks again for all your help!
On Sun 20 Nov 2011 12:01:45 AM EST, Greg Hudson wrote:
> On 11/19/2011 10:32 PM, Tom Parker wrote:
>> Password failure count reset interval: 0
>
> After staring at the code for a while, I believe if you set a reset
> interval (it can be very long), things should work as expected.
>
> This appears to be a bug in the LDAP back end code present since lockout
> support was written; a reset interval of 0 should be treated as forever
> (as it is in the DB2 back end). It will be fixed in subsequent patch
> releases. Thanks for the help investigating this.
>
> This also explains the mysterious cause of CVE-2011-1528.
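The reset-interval semantics discussed in this thread, as an added illustration that is not part of the original messages and is not krb5 source code. The struct and function names are hypothetical, and the faulty path assumes the bug amounts to comparing an interval of 0 literally, so the window always looks expired.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical model of a lockout policy; names are illustrative, not krb5's. */
struct policy    { unsigned max_fail; time_t failcnt_interval; };
struct principal { unsigned fail_count; time_t last_failed; };

/* Record one failed authentication at time `now`.
 * zero_is_forever = true : interval 0 means the counter is never reset.
 * zero_is_forever = false: assumed faulty handling, where 0 is compared
 *                          literally and the window always looks expired. */
static void record_failure(struct principal *p, const struct policy *pol,
                           time_t now, bool zero_is_forever)
{
    bool window_applies = zero_is_forever ? (pol->failcnt_interval != 0) : true;

    if (window_applies && now > p->last_failed + pol->failcnt_interval)
        p->fail_count = 0;              /* reset window elapsed: start over */
    p->fail_count++;
    p->last_failed = now;
}

static bool is_locked(const struct principal *p, const struct policy *pol)
{
    return pol->max_fail != 0 && p->fail_count >= pol->max_fail;
}

/* Simulate `attempts` failures spaced `gap` seconds apart; return lock state. */
static bool simulate(unsigned max_fail, time_t interval, unsigned attempts,
                     time_t gap, bool zero_is_forever)
{
    struct policy pol = { max_fail, interval };
    struct principal p = { 0, 0 };
    time_t now = 1000;                  /* constructed start time */

    for (unsigned i = 0; i < attempts; i++, now += gap)
        record_failure(&p, &pol, now, zero_is_forever);
    return is_locked(&p, &pol);
}

int main(void)
{
    /* 10 failures, 5 seconds apart, as in the report above. */
    printf("interval 0, 0 = forever : locked=%d\n", simulate(10, 0, 10, 5, true));
    printf("interval 0, literal 0   : locked=%d\n", simulate(10, 0, 10, 5, false));
    printf("interval 3600 workaround: locked=%d\n", simulate(10, 3600, 10, 5, false));
    return 0;
}
```

Under the literal-zero handling the counter returns to 1 on every failure, so the account is never locked; a non-zero interval such as 3600 avoids that path.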