[Building Sakai] A recent outage caused by Kerberos upgrade.
Lydia Li
lydial at stanford.edu
Wed Apr 28 15:41:00 PDT 2010
Seth Theriault wrote:
> Lydia Li wrote:
>
>
>> I guess we could change this single valued property to
>> multi-valued property that includes old and new messages.
>>
>
> If you would like to provide a patch for this capability, we
> could certainly check into it.
>
Our IT said that these fake attempts to check userKnownKerberos "are basically
indistinguishable from an attack on the KDC. If we ever implemented account
lockout or other defenses against attempts to crack Kerberos passwords,
either Coursework or possibly the users Coursework is checkout would be locked
out of Kerberos for the repeated failed login".
So they have suggested me to instead log in to our ldap and check the kerberosStatus for a user.
This, however, would be an institution specific implementation.
thanks,
Lydia
> Seth
>
More information about the sakai-dev
mailing list