Perl question
Digant C Kasundra
digant at uta.edu
Thu Sep 22 16:19:05 EDT 2005
Actually, I lied. I did create a new service/checkpw principal and gave
it the pw change service flag and that's what I'm using to check the
password. I should probably verify that ticket with a keytab.
On Thu, 2005-09-22 at 13:54 -0400, Tom Yu wrote:
> >>>>> "digant" == Digant C Kasundra <digant at uta.edu> writes:
>
> digant> Ah, that work. I tried to get a ticket for kadmin/changepw
> digant> instead of a TGT for the realm. Thanks for the lead!
>
> Please remember that you need to verify the ticket you get, or else an
> attacker could collude with an imposter KDC to log in. I would hope
> that you do not have a key for verifying kadmin/changepw tickets on
> your client machines, thus Mike's suggestion for a different principal
> with that attribute set.
>
> ---Tom
More information about the Kerberos
mailing list