Krb5 attempts authentication twice in case of wrong password
Manoj Unni Krishnan -X (munnikri - HCL TECHNOLOGIES LIMITED at Cisco)
munnikri at cisco.com
Fri Nov 9 07:55:53 EST 2018
We are using Kerberos (version 1.9) in one of our components and we see for a single Kerberos authentication with wrong password, krb5 tries twice then fails with error:
krb5: Received error from KDC: -1765328360/Preauthentication failed
if we have configured user account lock for 3 bad password attempts in Active Directory the user gets locked in 2nd attempt itself as krb5 would have attempted 4times.
We had a look at the latest krb5 src code for the file get_in_tkt.c, could see there are lots of changes been done, But we are having difficulty in moving to the latest version of Kerberos, as there are lot of customizations done over the version of Kerberos (1.9) that we are using. Hence could you please let us know whether the retry attempt has been fixed as part of any bug/commit we could port it to 1.9.
More information about the krbdev