New "feature" for Kerberos?

Donn Cave donn at
Tue Nov 12 13:44:00 EST 2002

Quoth John Hascall <john at>:
| Random thoughts:
|    + Obviously, this requires the REQUIRES_PRE_AUTH attribute,
|      and ./configure --with-kdc-kdb-update

That has been the kicker when anything has come up around here involving
attempt histories.  Everyone likes the idea that the KDC database mostly
reads and rarely writes, and no one wants to turn that around.

And then we have multiple KDCs, which would have to be taken into account.

It's like the solution we'd want is some kind of auxiliary database, that
the KDCs would talk to across the network on a secondary priority basis.
Which we already have, actually:  syslog.  Of course syslog isn't the
database you need all by itself, but the data is all there.

	Donn Cave, donn at
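
[Added example, not part of the original message.] A sketch of the attempt history described above, built from centrally collected syslog records so that no KDC writes to its database, with the records from several KDCs merged into one timeline. The log line layout (modelled on MIT krb5kdc AS_REQ lines), the host names kdc1/kdc2, the EXAMPLE.ORG realm, the threshold and the year are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, as a central syslog host might collect them from
# two KDCs. The layout is modelled on MIT krb5kdc AS_REQ lines (an assumption).
SAMPLE = """\
Nov 12 13:40:01 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Additional pre-authentication required
Nov 12 13:40:02 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
Nov 12 13:40:09 kdc2 krb5kdc[455](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
Nov 12 13:40:15 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: ISSUE: authtime 1037126415, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Nov 12 13:41:00 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
Nov 12 13:41:01 kdc2 krb5kdc[455](info): AS_REQ (2 etypes {16 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
Nov 12 13:41:02 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
Nov 12 13:41:03 kdc2 krb5kdc[455](info): AS_REQ (2 etypes {16 1}) 192.0.2.77: PREAUTH_FAILED: bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
Nov 12 13:42:00 kdc2 krb5kdc[455](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<kdc>\S+) krb5kdc\[\d+\]\(\w+\): "
    r"AS_REQ \(.*?\) (?P<client>\S+): (?P<status>[A-Z_]+): "
    r".*?(?P<princ>[^\s,]+) for krbtgt/"
)

def attempt_history(log_text, threshold=3, year=2002):
    """Return {principal: (consecutive_failures, kdcs)} at or over threshold."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["kdc"], m["status"], m["princ"]))
    events.sort()  # interleave all KDCs' records into a single timeline
    streak = defaultdict(int)
    seen_on = defaultdict(set)
    for _when, kdc, status, princ in events:
        if status == "PREAUTH_FAILED":
            streak[princ] += 1
            seen_on[princ].add(kdc)
        elif status == "ISSUE":  # a successful AS exchange resets the history
            streak[princ] = 0
            seen_on[princ].clear()
        # NEEDED_PREAUTH is the normal first leg of a login and is not counted
    return {p: (n, sorted(seen_on[p])) for p, n in streak.items() if n >= threshold}

if __name__ == "__main__":
    print(attempt_history(SAMPLE))
```

In the sample, neither KDC alone sees three consecutive failures for bob; only the merged view crosses the threshold, which is the multiple-KDC concern raised in the message.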

