Changing passwords in MS KDC from MIT krb5
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Tue May 7 09:29:00 EDT 2002
I believe the kpasswd utility in MIT 1.2.X (src/clients/kpasswd)
will work for changing passwords on a Microsoft AD server.
However, there is some confusion in the MIT distrib. because
there are actually 3 utilities for password changing:
1. kpasswd - built under src/clients/kpasswd
2. kpasswd - built under src/kadmin/passwd
3. kadmin - built under src/kadmin/cli
Only #1 works for changing passwords on an MS AD server,
the other 2 use the OpenVision Auth-GSS stuff which is not
compatible with Microsoft's supported password changing
protocol.
While #1 does not exactly support the full IETF proposal for
passwd set/change, it does support just enough to allow a user
to change their password on an AD server.
-Wyllys Ingersoll
Sam Hartman wrote:
> MIt does not and probably never will support this RFC. It is a
> Microsoft specific extension to the set password protocol. There is a
> standards track protocol under discussion in the Kerberos working
> group of the IETF that MIT will likely support once the protocol is
> completed.
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> http://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list