Unable to change expired Kerberos passwords on Windows XP
Priit Randla
priit.randla at eyp.ee
Fri Feb 25 08:38:33 EST 2005
Hello,
I'm (actually, users are ;-)) having difficulties with Kerberos
password expiery.
If the user's password expires, XP correctly sends them to the password
change screen.
User then has to change his/her username to username at REALM (otherwise
Windows
seems unable to contact KDC) and fill in old/new password fields.
Now the interesting part begins - if users username is all _lowercase_,
password change
succeeds, login fails, next login succeeds.
If username contains any _uppercase_ letters, password change fails with
error
'1326: Logon failure : unknown user name or bad password'
Password change with MIT or Heimdal clients works.
KDC log doesn't show anything bad, error is the same for both MIT and
Heimdal KDC's.
Password change for those users works also on Windows, if the password
isn't expired.
Regards,
Priit
More information about the Kerberos
mailing list