I've been looking at: http://k5wiki.kerberos.org/wiki/Projects/Lockout
which now seems available with recent versions of Kerberos. I'm aware that there are disadvantage to using this facility. Attempting to brute-force the password for a Kerberos principal can be used as a denial of service attack. But has anyone set up and is using Kerberos policies that use the lockout facility? If so, could you give some indication of your settings (pw_max_fail, pw_failcnt_interval, pw_lockout_duration) and your experience with this facility? Feel free to email me directly if the details are considered sensitive. -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK [email protected] Phone: +44 1225 386101 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
