Account lockout counters not replicating; how to unlock users?

Here's my setup: 2 directory servers, 1 supplier, 1 consumer. I'm not
sure why, but for some reason I'm not seeing password retry counters
being replicated from the consumer to the supplier. Here is what I've
seen (I have FDS set up to lock accounts after 5 bad password attempts,
reset failure count after 15 minutes):
- If a user types their password incorrectly on a server that binds first
  to a consumer, then their password retry count increments only on the
  consumer.
- If a user successfully binds to the server, then their password retry
  count does get reset.
This is a problem for a couple of reasons. If an account becomes locked
out because of bad password attempts, I've tried deleting the attributes
passwordRetryCount and accountUnlockTime
(http://directory.fedora.redhat.com/wiki/Howto:PasswordReset) from the
supplier; however, for some reason this is not replicated to the consumer
(is this an indication of a different problem?). This is a problem as I
have some of my Linux servers set to look to the supplier first for
authentication, and then the consumer second, and vice versa for load
balancing. According to the FDS documentation, account lockout counters
may not work as expected in a multi-master environment
(http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1086446);
this is one of the reasons that I opted for a single-master
environment. Please advise, and thanks. Given the issues that I'm
having, what is the best way to unlock accounts that have been locked
due to bad password attempts?

Aaron
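
Added example (not part of the original message, and not Fedora Directory Server code): a small check that compares one user's lockout attributes as each server reports them, to confirm the per-server divergence described above. The LDIF text, the user DN and the function names are constructed for illustration; it assumes accountUnlockTime holds the time at which the lock expires and that ldapsearch was asked for these operational attributes by name.

```python
from datetime import datetime, timezone

MAX_FAILURES = 5  # policy stated in the post: lock after 5 bad attempts

# Constructed sample LDIF for a hypothetical user, one record per server.
SUPPLIER_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
"""
CONSUMER_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
passwordRetryCount: 5
retryCountResetTime: 20070301151000Z
accountUnlockTime: 20070301160000Z
"""
NOW = datetime(2007, 3, 1, 15, 5, tzinfo=timezone.utc)  # constructed clock

def parse_entry(ldif_text):
    """Parse one LDIF record into {attr: value}; base64 values are not decoded."""
    attrs, last = {}, None
    for line in ldif_text.splitlines():
        if line.startswith(" ") and last:        # folded continuation line
            attrs[last] += line[1:]
        elif ": " in line and not line.startswith("#"):
            name, value = line.split(": ", 1)
            last = name.lower()                  # attribute names are case-insensitive
            attrs[last] = value
    return attrs

def gtime(value):
    """Convert an LDAP generalized time such as 20070301160000Z to UTC."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def lockout_state(attrs, now):
    """Summarise the lockout attributes of one entry on one server."""
    retries = int(attrs.get("passwordretrycount", 0))
    unlock = attrs.get("accountunlocktime")
    locked = unlock is not None and gtime(unlock) > now  # assumption: expiry time
    return {"retries": retries, "locked": locked,
            "remaining": max(0, MAX_FAILURES - retries)}

def compare(servers, now):
    """servers maps a server name to its LDIF text; returns (states, diverged)."""
    states = {name: lockout_state(parse_entry(text), now)
              for name, text in servers.items()}
    diverged = len({(s["retries"], s["locked"]) for s in states.values()}) > 1
    return states, diverged

if __name__ == "__main__":
    print(compare({"supplier": SUPPLIER_LDIF, "consumer": CONSUMER_LDIF}, NOW))
```

With the constructed data, the consumer reports the account as locked while the supplier shows no failures, which is the state the message describes.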
