Good afternoon. After our upgrade from 1.8.3 to 1.9.1, I am also having problems with account lockout. (It was not working under 1.8.3 either, and I was hoping 1.9.1 would fix it.)
I have my default policy set to 10 password attempts before a lockout. When a user hits the 10 attempts, the failed attempt counter stops incrementing and the last failed count stops changing; however, they are still able to get a TGT and TGS and log in. The principal has REQUIRES_PREAUTH set.

If I go into kadmin and run modify_principal -unlock <princ>, then everything starts working again (counters and last login times).

It seems that all the code is working properly EXCEPT the part that says "if this account is locked, don't give them any tickets".

Thanks for any information you may have.

Tom

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
