[OpenAFS] Account never locked from Windows OpenAFS client

Raghu S raghu_afs@yahoo.com
Wed, 27 Apr 2005 12:09:57 -0700 (PDT)


--0-1409032570-1114628997=:48145
Content-Type: text/plain; charset=us-ascii

Thanks for the response.
 
We are not using IBM Kerberos. We are just using kaserver authentication.
Server (1.2.11) installed on Redhat 3. Windows clients uses OpenAFS client 1.3.77 to connect to their file space. Maximum consecutive unsuccessful authentications value is ineffective for windows users. 
 
Do we have to install MIT kerberos to resolve this?  Do we have to consider using MIT kerberos because kaserver going to be discontinued in near future?
 
Thanks
Raghu

Jeffrey Altman <jaltman@columbia.edu> wrote:
Raghu S wrote:
> We haven't installed MIT Kerberos with windows. We are using native AFS
> authentication.
> 
> Raghu

this implies that you are using the IBM Kerberos 4 implementation
instead of kauth (krb4/rx) and kaserver. I seem to remember seeing this
complaint in the past. As the code paths are different it is quite
possible that the kaserver code does not enforce lockouts in quite the
same way. This is not a bug that I expect anyone is going to expend
effort to track down as we are looking to remove the kaserver
functionality from OpenAFS sometime in the not too distant future after
Kerberos 5 support is better integrated into the UNIX/Linux/MacOSX clients.

Jeffrey Altman


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
--0-1409032570-1114628997=:48145
Content-Type: text/html; charset=us-ascii

<DIV>Thanks for the response.</DIV>
<DIV>&nbsp;</DIV>
<DIV>We are not using IBM Kerberos. We are just using kaserver authentication.</DIV>
<DIV>Server (1.2.11) installed on Redhat 3. Windows clients uses OpenAFS client 1.3.77 to connect to their file space. Maximum consecutive unsuccessful authentications value is ineffective for windows users. </DIV>
<DIV>&nbsp;</DIV>
<DIV>Do we have to install MIT kerberos to resolve this?&nbsp; Do we have to consider using MIT kerberos because kaserver going to be discontinued in near future?</DIV>
<DIV>&nbsp;</DIV>
<DIV>Thanks</DIV>
<DIV>Raghu<BR><BR><B><I>Jeffrey Altman &lt;jaltman@columbia.edu&gt;</I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Raghu S wrote:<BR>&gt; We haven't installed MIT Kerberos with windows. We are using native AFS<BR>&gt; authentication.<BR>&gt; <BR>&gt; Raghu<BR><BR>this implies that you are using the IBM Kerberos 4 implementation<BR>instead of kauth (krb4/rx) and kaserver. I seem to remember seeing this<BR>complaint in the past. As the code paths are different it is quite<BR>possible that the kaserver code does not enforce lockouts in quite the<BR>same way. This is not a bug that I expect anyone is going to expend<BR>effort to track down as we are looking to remove the kaserver<BR>functionality from OpenAFS sometime in the not too distant future after<BR>Kerberos 5 support is better integrated into the UNIX/Linux/MacOSX clients.<BR><BR>Jeffrey Altman<BR><BR></BLOCKQUOTE><p>__________________________________________________<br>Do You Yahoo!?<br>Tired of spam?  Yahoo! Mail has the best spam protection
 around <br>http://mail.yahoo.com 
--0-1409032570-1114628997=:48145--