lukeh at padl.com
Tue Oct 20 09:39:50 EDT 2009
On 07/10/2009, at 11:56 AM, Greg Hudson wrote:
> A few weeks ago, I asked Luke to think about whether it is really
> necessary to add a "lockout time" attribute for the purposes of
> lockout. Because the lockout time attribute is new (the other three
> attributes already exist in the DB schema), it adds additional code
> complexity because it must be represented in TL data. My idea is that
> you can deduce whether the account is locked out from the fail count,
> and can determine the time of lockout from the last preauth failure
> I believe I mostly have Luke convinced, but we agreed that I should
> bring the issue up for discussion here before he does the work of
> simplifying the code.
The work has been done and is in the users/lhoward/lockout2 branch.
More information about the krbdev