In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (John Hascall) wrote:
> > When I do "getprinc" on any principal in our REALM, it prints the > > attributes "Last successful authentication" and "Last failed > > authentication" set to value "[never]". Similarly, the value of "Failed > > password attempts" is "0". > > Why the system doesn't update that values? > > Thanks. > > When you 'configure' kerberos during the build process, > you need to include the '--with-kdc-kdb-update' flag to > enable this. And then you need to put the 'requires_preauth' > attribute on your principals. > > MIT will tell you these features are 'not well tested', > but they seem to work fine for me. Requires an update to the database for each authentication, right? For us, that would be a fairly radical increase in the number of updates per day. Seems like there would also be a propagation issue, since these updates would automatically apply to the master only if the master is also taking all the authentication requests. I would get that information from logs, instead. Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
