kerberos - Kadmin does not work

Benjamin Kaduk kaduk at MIT.EDU
Thu Mar 5 10:42:25 EST 2015


On Wed, 4 Mar 2015, arun elango wrote:

> Hi Ben,
>
> Thanks.
>
> Yes , Kpasswd can be used . But it requires users interaction in the
> console , I am looking for other methods wherein users dont need to enter
> their passwords in the console. i.e pass the parameters to the kpasswd
> console programatically .

I think we don't understand enough about the actual proposed use case to
be able to give very good advice.  If the password change is to be done
programmatically, where is the actual password string being acquired?
Under what context is this code supposed to run?

The kpasswd protocol specified in RFC 3244 does allow for a privileged
user to set another user's password.  I think the ksetpwd utility in the
same source directory as the kpasswd utility implements the client side of
that behavior, but (1) it is not built on windows and (2) I don't remember
how widely implemented the server side is, in particular the ACL checking.

> However , I heard from one of the members in the mailing list that it is
> not possible to avoid user interaction. See below for our interaction.

That is correct.

-Ben


More information about the Kerberos mailing list