[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Locking of principals after failed logins
Andreas Haupt <firstname.lastname@example.org> writes:
> Are there roadmaps where I can discover when they will be
No roadmap, but there are other aspects which makes having a writable
database nice, so it might happen in some not too distant future.
Database consistency with multiple writers are not too simple though.
> Policy: none <- unimplemented?
> Last successful login: never <- unimplemented
> Last failed login: never <- unimplemented
> Failed login count: 0 <- unimplemented
Yes. The kadmin api was stolen from MIT/OpenVision, but some of it was
never implemented. I suppose it might have been less confusing to not
print the never changing fields.
Some sort of policy framework (but probably a lot simpler) is also on
the todo list.
> These are really disadvantages in comparison with the OpenAFS
I've never missed them, but I can understand why people like them.
> Why did you switch?
I don't think we ever run the kaserver, but for the switch krb4 ->
krb5, the major issue is security, plus some other new features.