Expired accounts are reported as locked out #27

Open
AdrianVollmer opened this issue Sep 29, 2020 · 1 comment


@AdrianVollmer

I noticed that a lot of accounts are reported as locked out, which isn't really possible with a lockout duration of 30 minutes. I checked a few accounts and noticed that they expired months or years ago. This makes the use of `--safe` pretty pointless. I guess the Kerberos error code `ERR_CLIENT_REVOKED` doesn't really tell us why the credentials have been revoked, so there is not much that can be done about this. But it could be mentioned in the console output that the account isn't necessarily locked, but could also be expired (or possibly disabled?).

@ropnop
Owner

ropnop commented Nov 14, 2020

Good point. I can make the error message clearer. Maybe a better implementation of `--safe` would be to check if we get `ERR_CLIENT_REVOKED` a certain number of times in a row (maybe 3? 5?). That would more likely indicate that our current scan is causing these and we're locking accounts out one by one.
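The consecutive-count idea from the comment above, written out as an added example; it is not part of the original thread and not kerbrute's code. The `Result` type, `RevokedStreak` and `FirstTrip` are hypothetical names, and the threshold of 3 is one of the values floated in the comment.

```go
package main

import "fmt"

// Result is a hypothetical classification of one KDC reply; these names are
// assumptions for this example, not kerbrute's types.
type Result int

const (
	Other   Result = iota // any reply that is not "client revoked"
	Revoked               // client revoked: locked, expired or possibly disabled
)

// RevokedStreak counts consecutive Revoked results. A single Revoked reply is
// ambiguous, so only an unbroken run of Threshold replies is treated as a
// sign that accounts are being locked out right now.
type RevokedStreak struct {
	Threshold int
	run       int
}

// Observe records one result and reports whether the run reached Threshold.
func (s *RevokedStreak) Observe(r Result) bool {
	if r != Revoked {
		s.run = 0 // any other reply breaks the streak
		return false
	}
	s.run++
	return s.run >= s.Threshold
}

// FirstTrip returns the index at which the streak trips, or -1 if it never does.
func FirstTrip(threshold int, results []Result) int {
	s := RevokedStreak{Threshold: threshold}
	for i, r := range results {
		if s.Observe(r) {
			return i
		}
	}
	return -1
}

func main() {
	// Constructed sample: isolated revoked replies, e.g. long-expired accounts.
	scattered := []Result{Other, Revoked, Other, Other, Revoked, Revoked, Other}
	// Constructed sample: revoked replies arriving back to back.
	burst := []Result{Other, Revoked, Other, Revoked, Revoked, Revoked, Other}
	fmt.Println(FirstTrip(3, scattered), FirstTrip(3, burst)) // prints: -1 5
}
```

A run of adjacent expired accounts in the input list still trips the check, so the heuristic reduces the ambiguity of the revoked error rather than removing it.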
