MIT KDC & Windows Client - change password & cross realm referral

Sam Hartman hartmans at MIT.EDU
Fri May 28 14:51:24 EDT 2004


>>>>> "Lara" == Lara Adianto <m1r4cle_26 at yahoo.com> writes:

    Lara> Hello, I've been experimenting with heimdal kerberos on the
    Lara> cross-realm authentication, for windows 2000 clients to
    Lara> authenticate to heimdal KDC, and just found out that there
    Lara> seems to be a problem with the changing password
    Lara> interoperability between the win2k client and heimdal KDC.

    Lara> Therefore, I intend to switch to MIT Kerberos but need to
    Lara> confirm the interoperability features of MIT KDC and windows
    Lara> clients:

    Lara> 1. Is the any issue of change password incompatibility
    Lara> between MIT KDC and windows clients ? Will a user from a
    Lara> win2k / winXP machine be able to change his/her password in
    Lara> MIT KDC using ctrl-alt-del or when the password is expired ?

    Lara> In the following link:
    Lara> http://mailman.mit.edu/pipermail/kerberos/2004-April/005326.html,
    Lara> Jeffrey Altman wrote:
    Lara> "I have just tested MIT KDC 1.3.3 with two machines.  One
    Lara> which is part of a Windows domain which uses cross-realm
    Lara> trust with a MIT KDC to perform login.  In this case the
    Lara> password change does not appear to work on expiration."

    Lara> Has anyone found a way to solve the above problem ? or is
    Lara> this still a limitation of the interoperability between MIT
    Lara> Kerberos KDC and windows client ?

Jeff described in a later message that you can solve the problem by
telling the Windows workstation that the MIT realm does not support
TCP.

--Sam



More information about the Kerberos mailing list