As far as I understand, in a standard master-slave configuration, no information about authentication failures on a slave is passed on to the master KDC. Only if the master_kdc attribute in the krb5.conf file is used will the client authenticate to the master if it fails on a slave server. This feature is not supported by the Kerberos implementation in JDK 1.4.2.

So, if an attacker tries to guess an account's password and authenticate to a slave, a resulting account lock will be overwritten by the next replication. Is there a method within the MIT implementation to transfer the information about failed authentications from slaves to the master, resulting in an account lock on all KDCs? Besides that, we would also like to make information about the last successful authentication accessible on the master.

Thanks
Fred

________________________________________________
Kerberos mailing list
https://mailman.mit.edu/mailman/listinfo/kerberos
