Password change (MIT kerberos & Windows AD)
Sven Kivistik
sven.kivistik at eyp.ee
Wed Nov 3 06:47:18 EST 2004
Hi
I have following problem.
MIT kerberos working together with Windows 2000 domain with cross-realm
trust.
Users can authenticate themselves in W2K workstation against MIT
kerberos realm.
As I see everything works fine with authentication.
But....
When user attempts to change his/her Kerberos password password change
attempt fail with following error:
"Unable to change the password on this account due to the following
error: 1326: Logon Failure : unknown user name or bad password"
Currently we have implemented Kerberos user names with first capital
letter.
For testing purpouse I created user name with only small letters. And
Voila. Password changed successfully.
So when user name consist only small letters password change works but
when user name first letter is capitalized password change does not
work..... Where is the problem????
******
kdc.log
Nov 2 12:03:32 src at host krb5kdc[19607]: AS_REQ (7 etypes {23 -133-128 3
1 24 -135}) 192.168.0.100: ISSUE: authtime 1099389812, etypes {rep=3
tkt=1 ses=1}, Username at REALM.COM for kadmin/changepw at REALM.COM
Nov 2 12:03:32 src at host krb5kdc[19607]: AS_REQ (7 etypes {23 -133-128 3
1 24 -135}) 192.168.0.100: ISSUE: authtime 1099389812, etypes {rep=3
tkt=1 ses=1}, Username at REALM.COM for kadmin/changepw at REALM.COM
Nov 2 12:03:32 src at london2 krb5kdc[19607]: DISPATCH: repeated
(retransmitted?) request from 192.168.0.100, resending previous response
Nov 2 12:03:32 src at london2 krb5kdc[19607]: DISPATCH: repeated
(retransmitted?) request from 192.168.0.100, resending previous response
*******
Regards,
Sven
More information about the Kerberos
mailing list