First post ... forgive any unintentional netiquette faux pas here ... Is there any way to configure a policy in its attributes (or failing that, something specific in a principal's attributes) that would mandate that the KDC would set -allow_all_tix after a maximum number of failed password attempts? I spent about two hours looking around, re-reading what I could find on the web and docs.sun.com as well as the ORA owl book, and couldn't find anything. I know I can use kadmin modprinc -allow_all_tix on a principal to lock the principal, and +allow_all_tix to unlock it, but I can't seem to find anything that will do the lock for me automatically.
tia This message posted from opensolaris.org
