Problem changing expired Windows 2000 passwords
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Tue Aug 17 11:29:41 EDT 2004
Hi,
I am not sure if this is useful or not, but we recently noticed
something odd when logging in with user at REALM. If you login with an
account name of this format and the account is set to use DES keys the
client principal name shown in Windows cache is user at domain@REALM
instead of user at REALM ...
Regards, Tim.
-----Original Message-----
From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] On
Behalf Of Jeffrey Altman
Sent: 17 August 2004 16:06
To: kerberos at MIT.EDU
Subject: Re: Problem changing expired Windows 2000 passwords
I believe this is a documented bug which Microsoft chooses not to
fix. The user is required to login using
user at REALM
instead of just the username.
Jeffrey Altman
rodolfo at ime.unicamp.br wrote:
> Hi!
>
> We have a Windows 2000 domain with workstations performing
authentication
> at a MIT Kerberos KDC. It works fine but, if the user's password has
> expired, the Windows workstations displays it's normal "password
expired"
> alert, but when the user tries to change this password, Windows shows
the
> "domain not available" message.
>
> Running tcpdump at the kdc, I show no kerberos related traffic when
this
> password-change is tried.
>
> There is a article at Microsoft about a similar problem, but it says
the
> issue is solved with service pack 1. We have service pack 4 at our
> windows workstations.
>
> Some idea???
>
> Tnks!
>
> []s!
> Rodolfo
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list