Fwd: Lockout

Luke Howard lhoward at MIT.EDU
Wed Oct 7 12:38:24 EDT 2009

[resent; MIT is rejecting lukeh at padl.com]

Begin forwarded message:

> From: Luke Howard <lukeh at padl.com>
> Date: 7 October 2009 6:13:22 PM GMT+02:00
> To: Greg Hudson <ghudson at MIT.EDU>
> Cc: MIT Kerberos Dev List <krbdev at MIT.EDU>
> Subject: Re: Lockout
>> 1. If you increase the number of allowed failures in the policy,
>> locked accounts will become unlocked.
> Also, are there any interactions with pw_failcnt_interval that need  
> to be considered? (This is the time after which the bad  
> preauthentication count is reset; this is independent of  
> pw_lockout_duration, which is the period in which lockout is  
> enforced.)
> Do these become one and the same? Does this change the semantics of  
> the lockout policy?
> -- Luke

More information about the krbdev mailing list