Luke Howard lukeh at padl.com
Tue Oct 20 09:39:50 EDT 2009

On 07/10/2009, at 11:56 AM, Greg Hudson wrote:

> A few weeks ago, I asked Luke to think about whether it is really
> necessary to add a "lockout time" attribute for the purposes of  
> account
> lockout.  Because the lockout time attribute is new (the other three
> attributes already exist in the DB schema), it adds additional code
> complexity because it must be represented in TL data.  My idea is that
> you can deduce whether the account is locked out from the fail count,
> and can determine the time of lockout from the last preauth failure
> time.
> I believe I mostly have Luke convinced, but we agreed that I should
> bring the issue up for discussion here before he does the work of
> simplifying the code.

The work has been done and is in the users/lhoward/lockout2 branch.

-- Luke

More information about the krbdev mailing list