All,

We use freeIPA as the LDAP backend for OpenStack Keystone, GitLab, and a few other things. We have been looking for a way to keep track of the last time a user logged on, and the obvious answer seems to be the krbLastSuccessfulAuth attribute. The problem is that this value for all users is N/A:


-----------------------
Account disabled: False
-----------------------
  Server: {{srv}}
  Failed logins: 0
  Last successful authentication: N/A
  Last failed authentication: N/A
  Time now: 2017-05-23T16:47:49Z
----------------------------
Number of entries returned 1
----------------------------

I checked to make sure that the ipaConfigString doesn't contain KDC:Disable Last Success. Does krbLastSuccessfulAuth only get updated when using kerberized logins? If so, is there a way to track the last time a user successfully authenticated via pure LDAP (besides parsing logs)?

Thanks in advance,

--
v/r

Chris Apsey
bitskr...@bitskrieg.net
https://www.bitskrieg.net
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to