"forwarded" kpasswd changes
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Jun 4 21:45:46 EDT 2015
>I don't know what causes this, but it's definitely not you. I've seen
>this behavior for years. The client appears to be complaining about the
>response from the server, which it thinks has the wrong net address (or
>something; I was always murky on the details), but the change goes through
>anyway.
I haven't tried that combination, but from memory the issue is that
the kpasswd protocol uses a KRB-PRIV message and the issue was that
you can't omit an IP address from it (let me check ... yes, the sender's
address is not optional in a KRB-PRIV message). You could run kpasswd
under a debugger to figure out what the "wrong" address is. But I suspect
it would be just easier to modify the MIT client to ignore the IP address
on the KRB-PRIV on the reply message.
>The kpasswd protocol is horrible.
+1
--Ken
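
An added example, not part of the original message and not MIT Kerberos code: RFC 4120 defines the decrypted part of a KRB-PRIV message (EncKrbPrivPart) with s-address [4] as a field that has no OPTIONAL marker. This sketch decodes that field from a constructed DER sample and compares it with the address the reply arrived from. The function names, sample bytes and documentation-range addresses are assumptions for illustration.

```python
import ipaddress

def tlv(tag, body):
    """DER-encode one element; short-form lengths only (under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset); short-form lengths only."""
    tag, length = buf[off], buf[off + 1]
    if length & 0x80 or off + 2 + length > len(buf):
        raise ValueError("unsupported or truncated DER element")
    return tag, buf[off + 2:off + 2 + length], off + 2 + length

def fields(seq_body):
    """Map each context tag in a SEQUENCE body to its inner value."""
    out, off = {}, 0
    while off < len(seq_body):
        tag, val, off = read_tlv(seq_body, off)
        out[tag] = read_tlv(val)[1]       # strip the EXPLICIT wrapper
    return out

def sender_address(enc_part):
    """Extract s-address from a decrypted EncKrbPrivPart ([APPLICATION 28])."""
    tag, body, _ = read_tlv(enc_part)
    if tag != 0x7C:
        raise ValueError("not an EncKrbPrivPart")
    top = fields(read_tlv(body)[1])
    if 0xA4 not in top:                   # s-address [4] is not OPTIONAL
        raise ValueError("s-address missing")
    host = fields(top[0xA4])              # HostAddress: addr-type [0], address [1]
    if int.from_bytes(host[0xA0], "big") not in (2, 24):   # 2 = IPv4, 24 = IPv6
        raise ValueError("not an IP address type")
    return ipaddress.ip_address(host[0xA1])

def reply_address_matches(enc_part, peer):
    """Compare s-address with the address the reply was received from."""
    sender = sender_address(enc_part)
    return sender == ipaddress.ip_address(peer), sender

def build_sample(user_data, sender_ip):
    """Constructed EncKrbPrivPart holding only user-data [0] and s-address [4]."""
    addr = ipaddress.ip_address(sender_ip)
    atype = 2 if addr.version == 4 else 24
    host = tlv(0x30, tlv(0xA0, tlv(0x02, bytes([atype]))) + tlv(0xA1, tlv(0x04, addr.packed)))
    seq = tlv(0x30, tlv(0xA0, tlv(0x04, user_data)) + tlv(0xA4, host))
    return tlv(0x7C, seq)

# Constructed sample: reply stamped 192.0.2.10 but received from 198.51.100.5.
SAMPLE = build_sample(b"\x00\x00", "192.0.2.10")
```

The input here is the already decrypted EncKrbPrivPart; in a real exchange it is encrypted under the session key, so the bytes have to be captured after decryption, for example in the debugger session mentioned above.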