On Jan 20, 2010, at 08:47, John Hascall wrote: > What I would do is: > 1) make sure my KDCs were configured "--with-kdc-kdb-update" when > built
Last I looked, this information still gets stored locally on each KDC, and is overwritten when the master->slave propagation happens. So a successful "login" that happened to use a slave KDC might go unnoticed. There was some work going on to make the propagation not trash this per-KDC data; I don't know if it's done yet or if it got into the 1.8 branch. (Also, the "--with-kdc-kdb-update" code didn't compile, for a while.) > 3) then I would look through my latest krop dump for lines > starting with > "princ" and grab the 7th and 13th fileds. For example: We really should make it easier to extract these data in a more helpful form... :-) Ken -- Ken Raeburn / raeb...@mit.edu / no longer at MIT Kerberos Consortium ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos