Password Lockout

Brian brianslist at
Tue Jul 8 19:55:39 EDT 2003

I need to set a password lockout scheme , such that on a configured 
entry the KDC should limit the number of password attempts , I did not 
find any explicit settings on policies as well as principal add/modify  
commands , Is this parameter settable ? . I also went through the 
source code and found this at  do_as_req.c

	     * Note: this doesn't work if you're using slave servers!!!
	     * It also causes the database to be modified (and thus
	     * need to be locked) frequently.
	    if (client.fail_auth_count < KRB5_MAX_FAIL_COUNT) {
		client.fail_auth_count = client.fail_auth_count + 1;
		if (client.fail_auth_count == KRB5_MAX_FAIL_COUNT) {
		    client.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
	    client.last_failed = kdc_time;
	    update_client = 1;

Under what condition does KRBCONF_KDC_MODIFIES_KDB gets enabled



More information about the krbdev mailing list