Univention Bugzilla – Bug 34156
univention-s4search should not try kerberos by default
Last modified: 2020-07-02 00:57:20 CEST
While testing the bad password lockout I discovered that univention-s4search -Utestuser%wrongpassword increases the badPwdCount by 2. If "-k no" is given, the badPwdCount only increases by 1. I think we may better default to this setting to avoid the additional Kerberos operation. From diffing the logs it looks like this also reduces the steps performed during a successful authorization. This new default can then be overridden by appending a "-k yes" on the commandline.
See https://forge.univention.org/bugzilla/show_bug.cgi?id=41835#c1 for a possible fix.