[19858] in Kerberos_V5_Development
Krb5 attempts authentication twice in case of wrong password
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Fri Nov 9 07:56:16 2018
From: "Manoj Unni Krishnan -X (munnikri - HCL TECHNOLOGIES LIMITED at Cisco)"
<munnikri@cisco.com>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Date: Fri, 9 Nov 2018 12:55:53 +0000
Message-ID: <396a392f39cd448883a73d3d0d2c5456@XCH-RCD-012.cisco.com>
Content-Language: en-US
MIME-Version: 1.0
Cc: "Amudha Muthiah -X \(amumuthi - HCL TECHNOLOGIES LIMITED
at Cisco\)" <amumuthi@cisco.com>,
"Sandeep Kiran Pinjala -X \(sapinjal - HCL TECHNOLOGIES LIMITED at
Cisco\)" <sapinjal@cisco.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Hi Team,
We are using Kerberos (version 1.9) in one of our components and we see for a single Kerberos authentication with wrong password, krb5 tries twice then fails with error:
krb5: Received error from KDC: -1765328360/Preauthentication failed
if we have configured user account lock for 3 bad password attempts in Active Directory the user gets locked in 2nd attempt itself as krb5 would have attempted 4times.
We had a look at the latest krb5 src code for the file get_in_tkt.c, could see there are lots of changes been done, But we are having difficulty in moving to the latest version of Kerberos, as there are lot of customizations done over the version of Kerberos (1.9) that we are using. Hence could you please let us know whether the retry attempt has been fixed as part of any bug/commit we could port it to 1.9.
Thanks,
Manoj
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
