[krbdev.mit.edu #4955] Referrals code breaks krb5_set_password_using_ccache to Active Directory
Alexandra Ellwood via RT
rt-comment at krbdev.mit.edu
Wed Nov 29 17:06:00 EST 2006
Using the set change password API involves getting a kadmin/changepw service ticket via
krb5_get_credentials(). This doesn't work against MIT's Active Directory server and prevents
the set change password from succeeding.
lxs at ra-tilt.mit.edu: klist
Kerberos 5 ticket cache: 'API:1'
Default principal: lxs at WIN.MIT.EDU
Valid Starting Expires Service Principal
11/29/06 17:00:06 11/30/06 03:00:07 krbtgt/WIN.MIT.EDU at WIN.MIT.EDU
renew until 12/06/06 17:00:06
lxs at ra-tilt.mit.edu: kvno kadmin/changepw at WIN.MIT.EDU
krb5_get_cred_from_kdc_opt: referral routing loop afer 0 hops
kvno: Cannot contact any KDC for requested realm while getting credentials for 'kadmin/
changepw at WIN.MIT.EDU'
Also we might want to fix the typo in the warning message (s/afer/after).
More information about the krb5-bugs
mailing list