Hi,

I have some questions about the implementation of KDC lockout support in recent versions of MIT K5. Some things aren't completely clear to me, or aren't addressed at all, in the documentation I have.

1. The docs say that lockout settings for a principal are not replicated. So, if I have a user who's been locked on the master /and/ secondary KDCs (presumably the latter would have been done automatically by the KDC per lockout policy), how would I /manually/ unlock this user on /all/ KDCs? In particular, how could I do the unlock on a secondary KDC (which wouldn't be running kadmind)?

2. When a locked user attempts authentication, what error code is returned by the KDC? For example, how would an application that uses the MIT K5 API to support proxy authN detect a locked user at authentication time?

Thanks.

Mike

--
Mike Friedman
mi...@berkeley.edu
http://mikefberkeley.com
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos