Kerberos, Windows 2000 and IBM
Gustavo_Mayordomo_Herraiz/ATCA at atca.es
Wed Aug 13 07:23:14 EDT 2003
I think so, but I can ask it to IBM. I think so because we can change
the password from Windows normally.
We only have problems when the KDC ( IBM Server) tells to Windows
client ( Workstation ) that the password is
expired and it must be changed. Windows shows this message and shows the
box with the userid, old password and new password fields for changing it.
And then, the system doesn´t work and show the message : ' the system
cannot change your password now because the domain domain_name is not
Since the Workstation receives from the Host the message for changing
the password, the Workstation doesn´t try to comunicate with the IBM Host.
We have put a sniffer in the Workstation and we have seen that the
Workstation ( w2000 profesional) ask to the DNS ( W2000 Server, where is
the DNS, Active Directory,....) for a resource called "_ldap._tcp.dc.
_msdcs.<domain_name >". This resource is not defined and then the
Workstation make a broadcast asking for it. A few moments later, as nobody
answer it, it shows the message.
I think that if it was a problem in Windows environment then it
would happen not only with an IBM external KDC: it also happens with
another operating system ( Sun, Linux,..) that acts as master KDC.
Luke Howard <lukeh at PADL.COM>@mit.edu con fecha 13/08/2003 10:11:43
Por favor, responda a lukeh at PADL.COM
Enviado por: kerberos-bounces at mit.edu
Destinatarios: Gustavo_Mayordomo_Herraiz/ATCA at atca.es
CC: kerberos at mit.edu
Asunto: Re: Kerberos, Windows 2000 and IBM
>We are try to make an authentication method between Windows 2000
>and IBM ZOS using Kerberos. The IBM Host works as the KDC server and
>as client. It works, but when the password is expired in the
>environment and we try to change it frow Windows 2000 Profesional client
>we received the message ' the system cannot change your password now
>because the domain domain_name is not available '.
Does the IBM KDC support RFC 3244 ("Microsoft Windows 2000 Kerberos Change
Password and Set Password Protocols")?
Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos