Changing passwords in MS KDC from MIT krb5

Booker C. Bense bbense at
Tue May 7 10:35:01 EDT 2002

On Mon, 6 May 2002, Curtis Robinson wrote:

> Is there support for rfc 3244?  This rfc tells how to change the
> password of other users with an admin account. I am trying to write a
> plugin for iPlanet Directory Server to sync the password coming into the
> LDAP Server and change the password over on the MS KDC.  But, the MIT
> krb5 needs to support the ability to login as the administrator under
> Windows and change the password of a different user. I have searched,
> but I could not find any indication if it is or not supported by the MIT
> krb5 implementation.

- As far as I know the changing password with an admin account is not
supported by the MIT code. I used the MS supplied kerberos
interoperablity code to implement a somewhat similar scheme
here at Stanford. I'm pretty sure that changing the password
as a user is supported by the MIT code.

- I'm not sure if I can hand out my modified MS code or not. I think
it has dissappeared from the MS web sites. At least when I tried to
find it again it was gone from the URI I downloaded it from.

- You can also change the password in AD by using the ldap protocol
over ssl.

- Booker C. Bense

More information about the krbdev mailing list