On 11/19/2011 10:32 PM, Tom Parker wrote:
> Password failure count reset interval: 0

After staring at the code for a while, I believe if you set a reset
interval (it can be very long), things should work as expected.

This appears to be a bug in the LDAP back end code present since lockout
support was written; a reset interval of 0 should be treated as forever
(as it is in the DB2 back end).  It will be fixed in subsequent patch
releases.  Thanks for the help investigating this.

This also explains the mysterious cause of CVE-2011-1528.
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
