[29937] in Kerberos
Re: Principal attributes and policy in LDAP Realm
daemon@ATHENA.MIT.EDU (Savitha R)
Mon Jun 9 04:53:34 2008
Message-Id: <484D3CBD.C217.0053.0@novell.com>
Date: Mon, 09 Jun 2008 02:52:53 -0600
From: "Savitha R" <rsavitha@novell.com>
To: "Klaus Heinrich Kiwi" <klausk@linux.vnet.ibm.com>, <kerberos@mit.edu>
In-Reply-To: <1212783367.27162.15.camel@klausk.br.ibm.com>
Mime-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>> On Sat, Jun 7, 2008 at 1:46 AM, in message
<1212783367.27162.15.camel@klausk.br.ibm.com>, Klaus Heinrich Kiwi
<klausk@linux.vnet.ibm.com> wrote:
> Hi,
>
> I hav some questions regarding how data is organized when using the
> LDAP KDB plugin for a realm. I hope this is the right place to ask.
>
> I have a Realm set-up using the LDAP backend. First thing is: when
> querying a principal using kadmin, why attributes such as 'Last
> [successful,failed] authentication' and 'Failed password attempts' are
> never filled-up? After failing some authentication attempts I have the
> following:
> ...
> Last modified: Fri Jun 06 16:24:09 BRT 2008 (klaus/admin@MYREALM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> ...
>
These attributes are updated only when the KDC is built with the
"--with-kdc-kdb-update" option.
> Also, where in the LDAP database is the 'last modified' attribute
> placed?
>
Last modification time is part of tl_data and entry's tl_data is stored
in krbExtraData attribute.
-Savitha
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
