Unable to change expired Kerberos passwords on Windows XP

Priit Randla priit.randla at eyp.ee
Fri Feb 25 08:38:33 EST 2005


    I'm (actually, users are ;-)) having difficulties with Kerberos 
password expiery.
If the user's password expires, XP correctly sends them to the password 
change screen.
User then has to change his/her username to username at REALM (otherwise 
seems unable to contact KDC) and fill in old/new password fields.
Now the interesting part begins - if users username is all _lowercase_, 
password change
succeeds, login fails, next login succeeds.
If username contains any _uppercase_ letters, password change fails with 
'1326: Logon failure : unknown user name or bad password'
Password change with MIT or Heimdal clients works.
KDC log doesn't show anything bad, error is the same for both MIT and 
Heimdal KDC's.
Password change for those users works also on Windows, if the password 
isn't expired.


More information about the Kerberos mailing list