Thank you! I have set my Password failure count reset interval to 3600 and as you said everything is working as expected.
After 10 failed attempts I now get tparker@tparker:~> kinit kinit: Clients credentials have been revoked while getting initial credentials Thanks again for all your help! On Sun 20 Nov 2011 12:01:45 AM EST, Greg Hudson wrote: > On 11/19/2011 10:32 PM, Tom Parker wrote: >> Password failure count reset interval: 0 > > After staring at the code for a while, I believe if you set a reset > interval (it can be very long), things should work as expected. > > This appears to be a bug in the LDAP back end code present since lockout > support was written; a reset interval of 0 should be treated as forever > (as it is in the DB2 back end). It will be fixed in subsequent patch > releases. Thanks for the help investigating this. > > This also explains the mysterious cause of CVE-2011-1528. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
