On Aug 29, 2006, at 07:57, Anil Belur wrote: > We are enabling the LDAP plugin to update the attributes like > krbLastSuccessfulAuth, krbLastFailedAuth and krbLoginFailedCount. > I came across some parts of the code are which are not DAL enabled. > These parts of the code contains reference to krb5_db_init and > krb5_db_set_name API's. (do_as_req.c and loadv4.c)
Yes, the KDC database updates aren't a mode we test a lot, and obviously haven't with the LDAP plugin code. (Or, more correctly, with the DAL changes, even if we just use the db back end.) I guess I should probably disable that option until we can make it work. It's going to need some rethinking for the LDAP case anyways, because a "login failed count" value can't be reliably updated by multiple KDCs without some kind of locking. Not that the right thing would ever happen with the counts from the slave KDCs in the earlier versions, either.... Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
