[29062] in Kerberos
Re: How to lock/unlock the user principal
daemon@ATHENA.MIT.EDU (Kenneth Grady)
Tue Jan 15 18:10:33 2008
Message-ID: <478CC9DB.6010803@lanl.gov>
Date: Tue, 15 Jan 2008 07:57:31 -0700
From: Kenneth Grady <klg@lanl.gov>
MIME-Version: 1.0
To: Ido Levy <IDOL@il.ibm.com>
In-Reply-To: <OFBE666234.7C92B32F-ONC22573D1.00307A96-C22573D1.0035E244@il.ibm.com>
X-CTN-5-MailScanner-From: klg@lanl.gov
Cc: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============0294747471=="
Errors-To: kerberos-bounces@mit.edu
This is a cryptographically signed message in MIME format.
--===============0294747471==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary="------------ms090900000900020306040902"
This is a cryptographically signed message in MIME format.
--------------ms090900000900020306040902
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
It's an undocumented feature that you need to specify when building
Kerberos named something like updates database. And the "kadmin modprinc
(+-)allow_tix principal@realm" allows you to enable/disable the account.
I believe the number of failed attempts before blacklisting is kept in
the kdc.conf file.
Ido Levy wrote:
> Hello All,
>
> Is there a way to lock the user principal in case of unsuccessful logins ?
> If yes what is the way to unlock the user ?
>
> When issuing getprinc one of the fields is "Failed password attempts:"
> Is there a way to use this field ?
>
> Is this mechanism relates to Kerberos or to LDAP ?
>
> Thanks,
>
> Ido Levy
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--------------ms090900000900020306040902
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIImzCC
BDMwggOcoAMCAQICBETPsKcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCVVMxGDAWBgNV
BAoTD1UuUy4gR292ZXJubWVudDEdMBsGA1UECxMURGVwYXJ0bWVudCBvZiBFbmVyZ3kxJzAl
BgNVBAsTHkxvcyBBbGFtb3MgTmF0aW9uYWwgTGFib3JhdG9yeTAeFw0wNjA4MzAyMTQ2MDJa
Fw0wOTA4MzAyMjE2MDJaMIGnMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5t
ZW50MR0wGwYDVQQLExREZXBhcnRtZW50IG9mIEVuZXJneTEnMCUGA1UECxMeTG9zIEFsYW1v
cyBOYXRpb25hbCBMYWJvcmF0b3J5MQ8wDQYDVQQLEwZQZW9wbGUxJTANBgNVBAUTBjA4NTQw
NzAUBgNVBAMTDUtlbm5ldGggR3JhZHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANcR
dtWbO1z7yJOUih9kgxgKn75C+7zZ4iSs93cLexl21zy4dmBmREgMLW20C+Q89i7TowWTOXyI
VdDcpzf2jJpPdBn8xiMegsNdB4/ogfbWJudQ2m2n3agRCdSCFKZMaDnXLt9ofHzQ4GUK0cbD
9cBm7v/ug2iUEumNSbdymGPnAgMBAAGjggGhMIIBnTBYBglghkgBhvprHgEESwxJVGhlIHBy
aXZhdGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBjZXJ0aWZpY2F0ZSBtYXkgaGF2ZSBi
ZWVuIGV4cG9ydGVkLjAXBgNVHREEEDAOgQxrbGdAbGFubC5nb3YwGwYDVR0JBBQwEjAQBgkq
hkiG9n0HRB0xAwIBCTCBlwYDVR0fBIGPMIGMMIGJoIGGoIGDpIGAMH4xCzAJBgNVBAYTAlVT
MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxHTAbBgNVBAsTFERlcGFydG1lbnQgb2YgRW5l
cmd5MScwJQYDVQQLEx5Mb3MgQWxhbW9zIE5hdGlvbmFsIExhYm9yYXRvcnkxDTALBgNVBAMT
BENSTDgwCwYDVR0PBAQDAgUgMB8GA1UdIwQYMBaAFGpUvk0hTQtmaeQo/XTbRQpSbe8KMB0G
A1UdDgQWBBQNjaFjvGFv7t2pbbk5y6qhAFYPITAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQM
MAobBFY2LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAJ0eLWeRDqxDWdjbFEPYscqSDjv4uFhF
D0zjhfDc08Dkl802TtZRrMLVdNlAJUa02lq6W14kMUk26JX08Pcl/P+F+AkMEmIFhNuquaKc
3xW3T+nxJayXYWUJXSx+1Xi9spwYonBJg+jITe+m4//l+o3GL15nv5+a+Gjxjd6Rt/l6MIIE
YDCCA8mgAwIBAgIERM+xxjANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJVUzEYMBYGA1UE
ChMPVS5TLiBHb3Zlcm5tZW50MR0wGwYDVQQLExREZXBhcnRtZW50IG9mIEVuZXJneTEnMCUG
A1UECxMeTG9zIEFsYW1vcyBOYXRpb25hbCBMYWJvcmF0b3J5MB4XDTA2MDkxMTE4NTEzOVoX
DTA5MDkxMTE5MjEzOVowgacxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxHTAbBgNVBAsTFERlcGFydG1lbnQgb2YgRW5lcmd5MScwJQYDVQQLEx5Mb3MgQWxhbW9z
IE5hdGlvbmFsIExhYm9yYXRvcnkxDzANBgNVBAsTBlBlb3BsZTElMA0GA1UEBRMGMDg1NDA3
MBQGA1UEAxMNS2VubmV0aCBHcmFkeTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2EG+
CLkaJW36ptXOBODIHX56hcNkiBLZhW8JbgurfdUwgRSv9fV4twQRbOWpiV+5XXIW04ae5+gq
sI0OLJTkGdFvgZRLhg2VF9A9ggQetwuO+oFz/V5pMbKENcuoVu7QMaZQVB+RxgbN2HwQifmu
1y609qNegPIxBzT245EdFskCAwEAAaOCAc4wggHKMAsGA1UdDwQEAwIHgDArBgNVHRAEJDAi
gA8yMDA2MDkxMTE4NTEzOVqBDzIwMDgxMDE3MjMyMTM5WjBYBglghkgBhvprHgEESwxJVGhl
IHByaXZhdGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBjZXJ0aWZpY2F0ZSBtYXkgaGF2
ZSBiZWVuIGV4cG9ydGVkLjAXBgNVHREEEDAOgQxrbGdAbGFubC5nb3YwGwYDVR0JBBQwEjAQ
BgkqhkiG9n0HRB0xAwIBCTCBlwYDVR0fBIGPMIGMMIGJoIGGoIGDpIGAMH4xCzAJBgNVBAYT
AlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxHTAbBgNVBAsTFERlcGFydG1lbnQgb2Yg
RW5lcmd5MScwJQYDVQQLEx5Mb3MgQWxhbW9zIE5hdGlvbmFsIExhYm9yYXRvcnkxDTALBgNV
BAMTBENSTDgwHwYDVR0jBBgwFoAUalS+TSFNC2Zp5Cj9dNtFClJt7wowHQYDVR0OBBYEFNDQ
jRUDfgj2ZIcCs82WLMHZh/ayMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjYuMAMC
BLAwDQYJKoZIhvcNAQEFBQADgYEAkgNqGJKZAcWA65KynIgU+PAlXnVEryKSkrDOuLMFRJur
Uc/rLtDsrfquK9BBGs0mHrErrxUemyMDaA+PDXT/eDXv89ET24vu1GW91CNHnxeTZbVDxDNc
3Hq7u+qfjiyybP2YejMadzc1TFxKWFw3CgS+epH8Z+hReeErOdCgmfkxggLmMIIC4gIBATB3
MG8xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxHTAbBgNVBAsTFERl
cGFydG1lbnQgb2YgRW5lcmd5MScwJQYDVQQLEx5Mb3MgQWxhbW9zIE5hdGlvbmFsIExhYm9y
YXRvcnkCBETPscYwCQYFKw4DAhoFAKCCAcUwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMDgwMTE1MTQ1NzMxWjAjBgkqhkiG9w0BCQQxFgQUxhrMzby9yWeT
VNf9jVNSqqB3qmcwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC
AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYYGCSsGAQQBgjcQ
BDF5MHcwbzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEdMBsGA1UE
CxMURGVwYXJ0bWVudCBvZiBFbmVyZ3kxJzAlBgNVBAsTHkxvcyBBbGFtb3MgTmF0aW9uYWwg
TGFib3JhdG9yeQIERM+wpzCBiAYLKoZIhvcNAQkQAgsxeaB3MG8xCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxHTAbBgNVBAsTFERlcGFydG1lbnQgb2YgRW5lcmd5
MScwJQYDVQQLEx5Mb3MgQWxhbW9zIE5hdGlvbmFsIExhYm9yYXRvcnkCBETPsKcwDQYJKoZI
hvcNAQEBBQAEgYBdGJAjDpD0mogSk9FxRp2zIE0dI4qKWheObUmpkZYLbZu+A0eZEju/dL0i
kdQqrHMuCBXLgcPpTdxEg1lhCDZQk9VfsWww2SHZCe5NUm/AEqRHwiLm5kqTw2Uqlrj3opDD
3UEu6bd9Uc5/ThOy7BmraKp215/4/nphdYsHZZbI6wAAAAAAAA==
--------------ms090900000900020306040902--
--===============0294747471==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0294747471==--
