Re: Locking of principals after failed logins

[joda@pdc.kth.se (Johan Danielsson)]

Andreas Haupt <ahaupt@ifh.de> writes:

> Are there roadmaps where I can discover when they will be
> implemented?

No roadmap, but there are other aspects which makes having a writable
database nice, so it might happen in some not too distant future.
Database consistency with multiple writers are not too simple though.

>                   Policy: none          <- unimplemented?
>    Last successful login: never         <- unimplemented
>        Last failed login: never         <- unimplemented
>       Failed login count: 0             <- unimplemented

Yes. The kadmin api was stolen from MIT/OpenVision, but some of it was
never implemented. I suppose it might have been less confusing to not
print the never changing fields.

Some sort of policy framework (but probably a lot simpler) is also on
the todo list.

> These are really disadvantages in comparison with the OpenAFS
> kaserver.

I've never missed them, but I can understand why people like them.

> Why did you switch?

I don't think we ever run the kaserver, but for the switch krb4 ->
krb5, the major issue is security, plus some other new features.

/Johan