MIT KDC & Windows Client - change password & cross realm referral
Sam Hartman
hartmans at MIT.EDU
Fri May 28 14:51:24 EDT 2004
>>>>> "Lara" == Lara Adianto <m1r4cle_26 at yahoo.com> writes:
Lara> Hello, I've been experimenting with heimdal kerberos on the
Lara> cross-realm authentication, for windows 2000 clients to
Lara> authenticate to heimdal KDC, and just found out that there
Lara> seems to be a problem with the changing password
Lara> interoperability between the win2k client and heimdal KDC.
Lara> Therefore, I intend to switch to MIT Kerberos but need to
Lara> confirm the interoperability features of MIT KDC and windows
Lara> clients:
Lara> 1. Is the any issue of change password incompatibility
Lara> between MIT KDC and windows clients ? Will a user from a
Lara> win2k / winXP machine be able to change his/her password in
Lara> MIT KDC using ctrl-alt-del or when the password is expired ?
Lara> In the following link:
Lara> http://mailman.mit.edu/pipermail/kerberos/2004-April/005326.html,
Lara> Jeffrey Altman wrote:
Lara> "I have just tested MIT KDC 1.3.3 with two machines. One
Lara> which is part of a Windows domain which uses cross-realm
Lara> trust with a MIT KDC to perform login. In this case the
Lara> password change does not appear to work on expiration."
Lara> Has anyone found a way to solve the above problem ? or is
Lara> this still a limitation of the interoperability between MIT
Lara> Kerberos KDC and windows client ?
Jeff described in a later message that you can solve the problem by
telling the Windows workstation that the MIT realm does not support
TCP.
--Sam
More information about the Kerberos
mailing list