Description of problem: krb5 1.7, as installed on f12, when used with an Microsoft AD server tries incorrect passwords multiple times. As AD account lockouts are often configure theis will lock a users account on the first incorrect password. Version-Release number of selected component (if applicable): 1.6 is fine, 1.7 is broken. How reproducible: 100% Steps to Reproduce: 1. configure krb5.conf to use a AD server 2. kinit <user> 3. Enter incorrect password Actual results: $ kinit user Password for user: kinit: Clients credentials have been revoked while getting initial credentials Now the account is locked. Expected results: $ kinit Password for user: kinit(v5): Preauthentication failed while getting initial credentials Additional info: See this thread on the krb5 mailing list http://mailman.mit.edu/pipermail/kerberos/2009-October/015368.html See http://mailman.mit.edu/pipermail/kerberos/2009-October/015375.html for a possible patch.
Probably a dupe of Bug #554351.
(In reply to comment #1) > Probably a dupe of Bug #554351. Yep, it's the same one alright. It should be fixed in 1.7.1, which I hope to get into updates-testing today.
I think this bug can be closed; I haven't seen the problem since upgrading to the fixed krb package.
Alright, then. Thanks!