In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (John Hascall) wrote:
> > > When you 'configure' kerberos during the build process, > > > you need to include the '--with-kdc-kdb-update' flag to > > > enable this. And then you need to put the 'requires_preauth' > > > attribute on your principals. [... re propagating success updates between KDCs ] > We are incrementally updating our slave (as well as our > W2K-AD and Novell-NDS) so this is not an issue for us. Yes, I remember that, as we are doing this too (minus the Novell part), but we only have to deal with passwords. [... re logs as an alternative source ] > Without preauth you can't tell a successful from > unsuccessful attempt. At all, right? What would `successful authentication' mean at the KDC in the absence of preauthentication? I am probably confused about something here. Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
