This is a discussion on Re: Principal attributes and policy in LDAP Realm - Kerberos ; >>> On Sat, Jun 7, 2008 at 1:46 AM, in message , Klaus Heinrich Kiwi wrote: > Hi, > > I hav some questions regarding how data is organized when using the > LDAP KDB plugin for a realm. I ...
>>> On Sat, Jun 7, 2008 at 1:46 AM, in message
<firstname.lastname@example.org>, Klaus Heinrich Kiwi
> I hav some questions regarding how data is organized when using the
> LDAP KDB plugin for a realm. I hope this is the right place to ask.
> I have a Realm set-up using the LDAP backend. First thing is: when
> querying a principal using kadmin, why attributes such as 'Last
> [successful,failed] authentication' and 'Failed password attempts' are
> never filled-up? After failing some authentication attempts I have the
> Last modified: Fri Jun 06 16:24:09 BRT 2008 (klaus/admin@MYREALM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
These attributes are updated only when the KDC is built with the
> Also, where in the LDAP database is the 'last modified' attribute
Last modification time is part of tl_data and entry's tl_data is stored
in krbExtraData attribute.