[29693] in Kerberos
Re: Last Successful Login always equals "never"
daemon@ATHENA.MIT.EDU (Marcus Watts)
Fri Apr 18 13:11:22 2008
to: kerberos@mit.edu
In-reply-to: <4808CB22.7070000@ugcs.caltech.edu>
Date: Fri, 18 Apr 2008 13:08:51 -0400
From: Marcus Watts <mdw@umich.edu>
Message-Id: <E1Jmu4x-0000pK-GJ@spam.ifs.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Various wrote:
> Date: Fri, 18 Apr 2008 09:24:02 PDT
> To: pachl <clintpachl@gmail.com>
> cc: kerberos@mit.edu
> From: Joshua Hutchins <jdhutchin@ugcs.caltech.edu>
> Subject: Re: Last Successful Login always equals "never"
>
> pachl wrote:
> > When running ``kadmin get <principle>`` for any principle, the "Last
> > successful login" and the "Last failed login" lines always equal
> > "never." What does the "Last successful login" line mean? Where and
> > how would I have to login to change the status of this line from
> > "never"?
> >
> > I have used kinit from from several machines and have also used the
> > system login at the console, which exclusively uses kerberosV (local
> > password file is disabled).
> >
> > All my machines in the Kerberos realm are OpenBSD 4.1 and use Heimdal
> > 0.7.2.
> >
> > -pachl
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> We have the same problem here with Debian and MIT Kerberos Version 5,
> Release 1.6.3 (installed from Debian packages). All our principals
> require pre-auth. We haven't spent any time debugging it, but if
> there's a simple solution, we'd love to know it.
>
> Thanks, Joshua
Besides preauth (which you need to detect failures),
you need to rebuild krb5kdc with
--with-kdc-kdb-update
I don't know how well tested that code is.
It may also have performance constraints in a very large environment.
-Marcus Watts
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
