computer account change password with Windows 2008 domain

Michael Engemann engemam at uni-muenster.de
Wed Jan 7 09:45:49 EST 2009


Hi,

we are also experiencing the bug in Windows Server 2008 that was mentionend on this list in April 2008 by Russ Allberry:

* Microsoft broke password changes via the LDAP protocol with SASL GSSAPI
  binds in Windows 2008.  In Windows 2003, provided that you didn't try to
  negotiate an SASL privacy layer, you could connect via TLS and
  authenticate with GSSAPI and query or set the password attribute
  directly.  In Windows 2008, this no longer works; you always get the
  error from the server that you are not permitted to negotiate a privacy
  layer when using TLS, even though you're not trying to.  We've already
  filed this as a bug.

Are there probably any news about a fix or a known workaround?

Thanks in advance,

Michael




More information about the Kerberos mailing list