Changing passwords in MS KDC from MIT krb5
Douglas E. Engert
deengert at anl.gov
Tue May 7 09:59:01 EDT 2002
Wyllys Ingersoll wrote:
>
> I believe the kpasswd utility in MIT 1.2.X (src/clients/kpasswd)
> will work for changing passwords on a Microsoft AD server.
>
> However, there is some confusion in the MIT distrib. because
> there are actually 3 utilities for password changing:
>
> 1. kpasswd - built under src/clients/kpasswd
> 2. kpasswd - built under src/kadmin/passwd
> 3. kadmin - built under src/kadmin/cli
The WIN32 krb5.exe from
kfw-2.1.2\athena\auth\krb5\src\windows\cns
also works against the W2K AD.
>
> Only #1 works for changing passwords on an MS AD server,
> the other 2 use the OpenVision Auth-GSS stuff which is not
> compatible with Microsoft's supported password changing
> protocol.
>
> While #1 does not exactly support the full IETF proposal for
> passwd set/change, it does support just enough to allow a user
> to change their password on an AD server.
>
> -Wyllys Ingersoll
>
> Sam Hartman wrote:
> > MIt does not and probably never will support this RFC. It is a
> > Microsoft specific extension to the set password protocol. There is a
> > standards track protocol under discussion in the Kerberos working
> > group of the IETF that MIT will likely support once the protocol is
> > completed.
> > _______________________________________________
> > krbdev mailing list krbdev at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/krbdev
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> http://mailman.mit.edu/mailman/listinfo/krbdev
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krbdev
mailing list