account lockout with ldap backend

Paul B. Henson henson at
Mon Nov 18 18:15:48 EST 2013

> From: Greg Hudson [mailto:ghudson at MIT.EDU]
> Sent: Sunday, November 17, 2013 9:42 AM
> > Could somebody please verify whether failures are replicated when using
> > the ldap backend?
> If your particular LDAP server is set up to replicate them, then yes.

Cool, thanks for the confirmation. I was pretty sure I had determined that,
but while double checking everything before going and setting it up the
documentation made me doubtful.

> The documentation refers to the Kerberos replication mechanisms (kprop
> and iprop).  I will look for a way to clarify that the disclaimer
> doesn't apply to replication which happens underneath the covers of the
> KDB.

Great, much appreciated. It's not really clear that only applies to the
internal db replication. Most of the documentation is generic, and calls out
LDAP vs db specifically when there are differences.


More information about the Kerberos mailing list