[17568] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: suggestion for locating master kdc logic

daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Apr 6 16:45:24 2012

From: Sam Hartman <hartmans@mit.edu>
To: krbdev@mit.edu
Date: Fri, 06 Apr 2012 16:45:08 -0400
In-Reply-To: <20120405235350.GB14892@oracle.com> (Will Fiveash's message of
	"Thu, 5 Apr 2012 18:53:50 -0500")
Message-ID: <tslty0wmvxn.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Looking for kpasswd_server is a bad idea because of AD.
In practice it doubles the number of account lockout  attempts  when you
give a bad password.

We had a fairly long design discussion that lead to the current
logic. However I thought we did look for master KDCs with admin_server.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[17568] in Kerberos_V5_Development

Re: suggestion for locating master kdc logic

daemon@ATHENA.MIT.EDU (Sam Hartman)Fri Apr 6 16:45:24 2012

daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Apr 6 16:45:24 2012