[29063] in Kerberos


Re: How to lock/unlock the user principal

daemon@ATHENA.MIT.EDU (Ido Levy)
Wed Jan 16 04:54:55 2008

In-Reply-To: <478CC9DB.6010803@lanl.gov>
To: Kenneth Grady <klg@lanl.gov>
Message-ID: <OFD8F7D6B7.51B87CF4-ONC22573D2.00360AB3-C22573D2.003652D8@il.ibm.com>
From: Ido Levy <IDOL@il.ibm.com>
Date: Wed, 16 Jan 2008 11:53:21 +0200
Cc: kerberos@mit.edu

Kenneth,

Thank you for the info!

What do you mean by saying "when building Kerberos named something like
updates database"?
Did you test this feature?

Thanks,

Ido Levy



                                                                           
From: Kenneth Grady <klg@lanl.gov>
Date: 15/01/2008 16:57
To: Ido Levy/Haifa/IBM@IBMIL
cc: kerberos@mit.edu
Subject: Re: How to lock/unlock the user principal




It's an undocumented feature that you need to specify when building
Kerberos named something like updates database. And the "kadmin modprinc
(+-)allow_tix principal@realm" allows you to enable/disable the account.
I believe the number of failed attempts before blacklisting is kept in
the kdc.conf file.

Ido Levy wrote:
> Hello All,
>
> Is there a way to lock the user principal in case of unsuccessful logins?
> If yes, what is the way to unlock the user?
>
> When issuing getprinc, one of the fields is "Failed password attempts:"
> Is there a way to use this field?
>
> Does this mechanism relate to Kerberos or to LDAP?
>
> Thanks,
>
> Ido Levy


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
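
Added example, not part of the thread and not code from MIT Kerberos: a shell function that reads `getprinc` output and prints the `modprinc (+-)allow_tix` query mentioned above, either to disable a principal whose "Failed password attempts:" count has reached a threshold or to re-enable one that is disabled. The sample output, the principal alice@EXAMPLE.ORG, the function name `tix_action` and the default threshold of 5 are assumptions; the example also assumes the counter is being maintained, which per the reply above depends on how Kerberos was built.

```shell
#!/bin/sh
# Added example: map `getprinc` output to a `modprinc (+-)allow_tix` query.

# Constructed sample of `getprinc alice@EXAMPLE.ORG` output (not real data).
SAMPLE_GETPRINC='Principal: alice@EXAMPLE.ORG
Last failed authentication: Tue Jan 15 16:40:02 IST 2008
Failed password attempts: 7
Attributes: REQUIRES_PRE_AUTH'

# tix_action MODE GETPRINC_TEXT [THRESHOLD]
#   MODE=lock   -> prints "modprinc -allow_tix <princ>" when the failure
#                  count is >= THRESHOLD and the principal is still enabled
#   MODE=unlock -> prints "modprinc +allow_tix <princ>" when the principal
#                  carries DISALLOW_ALL_TIX (what -allow_tix sets)
#   Otherwise prints "none". THRESHOLD defaults to 5 (assumed value).
tix_action() {
    printf '%s\n' "$2" | awk -v mode="$1" -v max="${3:-5}" '
        /^Principal:/                { princ = $2 }
        /^Failed password attempts:/ { fails = $4 + 0 }
        /^Attributes:/               { disabled = ($0 ~ /DISALLOW_ALL_TIX/) }
        END {
            # Refuse names that could smuggle extra text into the kadmin query.
            if (princ !~ "^[A-Za-z0-9._/-]+@[A-Za-z0-9.-]+$") {
                print "error: unexpected principal name" > "/dev/stderr"
                exit 2
            }
            if (mode == "lock" && !disabled && fails >= max)
                print "modprinc -allow_tix " princ
            else if (mode == "unlock" && disabled)
                print "modprinc +allow_tix " princ
            else
                print "none"
        }'
}

# The printed query is what would be passed to: kadmin -q "<query>"
tix_action lock "$SAMPLE_GETPRINC" 5
```

Check the function's exit status before using its output: it returns non-zero when the principal name is missing or contains unexpected characters.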
