Fwd: Lockout
Luke Howard
lhoward at MIT.EDU
Wed Oct 7 12:38:24 EDT 2009
[resent; MIT is rejecting lukeh at padl.com]
Begin forwarded message:
> From: Luke Howard <lukeh at padl.com>
> Date: 7 October 2009 6:13:22 PM GMT+02:00
> To: Greg Hudson <ghudson at MIT.EDU>
> Cc: MIT Kerberos Dev List <krbdev at MIT.EDU>
> Subject: Re: Lockout
>
>> 1. If you increase the number of allowed failures in the policy,
>> locked accounts will become unlocked.
>
> Also, are there any interactions with pw_failcnt_interval that need
> to be considered? (This is the time after which the bad
> preauthentication count is reset; this is independent of
> pw_lockout_duration, which is the period in which lockout is
> enforced.)
>
> Do these become one and the same? Does this change the semantics of
> the lockout policy?
>
> -- Luke
More information about the krbdev
mailing list