
Re: Locking of principals after failed logins



On Tue, 22 Apr 2003, Johan Danielsson wrote:

> Andreas Haupt <ahaupt@ifh.de> writes:
>
> > This feature seems to be missing in the kdc or am I just looking at
> > the wrong place?
>
> No, it requires (for any meaningful use) a multi-write database, not
> just the current write-and-push. I suppose it's on the wish list.
>
> > When examining principals with kadmin get there is a field "Failed
> > login count".
>
> It's never non-zero, about as useful as last success and last failed.

But these are partly essential features! Are there roadmaps where I can
discover when they will be implemented? When I look at the following
output, lots of fields are useless.

kadmin> get ahaupt
               Principal: ahaupt@IFH.DE
       Principal expires: never
        Password expires: never
    Last password change: never
         Max ticket life: 1 day 1 hour
      Max renewable life: unlimited
                    Kvno: 7
                   Mkvno: 0
                  Policy: none          <- unimplemented?
   Last successful login: never         <- unimplemented
       Last failed login: never         <- unimplemented
      Failed login count: 0             <- unimplemented
           Last modified: 2001-02-05 10:31:13 UTC
                Modifier: registry@IFH.DE
              Attributes:
Keytypes(salttype[(salt-value)]): des-cbc-md5(afs3-salt(ifh.de)),
des-cbc-md4(afs3-salt(ifh.de)), des-cbc-crc(afs3-salt(ifh.de))

These are really disadvantages in comparison with the OpenAFS kaserver.

I now want to ask all members of this list who successfully migrated to
Kerberos5: What are the "killer advantages" of heimdal's kdc in comparison
to the AFS kaserver? Why did you switch?

Thanks in advance

-- 
Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen