Changing passwords in MS KDC from MIT krb5
curtis at oushi.org
Wed May 8 16:05:01 EDT 2002
Ok, I have the code necessary to take the password set in iPlanet
Directory Server. I have the sample MS code to change the password
for the users. What I am having trouble is the functions necessary to
transform the admin username and password to the krb5_ccache variable
out to feed to the MS change password function?
Function for setting password:
int set_passwd (char *targpname,
Create these variables:
char pname = "administrator";
char passwd = "secret";
krb5_principal targprinc, princ;
krb5_data result_code_string, result_string;
Create the context with:
krb5_parse_name (context, pname, &princ);
krb5_parse_name (context, targpname, &targprinc);
Something between this gets the krb5_ccache from the pname and passwd.
Set the password (MS Function):
ret = krb5_set_password(context, ccache, passwd_new, targprinc,
On Tue, May 07, 2002 at 07:33:58AM -0700, Booker C. Bense wrote:
> On Mon, 6 May 2002, Curtis Robinson wrote:
> > Is there support for rfc 3244? This rfc tells how to change the
> > password of other users with an admin account. I am trying to write a
> > plugin for iPlanet Directory Server to sync the password coming into the
> > LDAP Server and change the password over on the MS KDC. But, the MIT
> > krb5 needs to support the ability to login as the administrator under
> > Windows and change the password of a different user. I have searched,
> > but I could not find any indication if it is or not supported by the MIT
> > krb5 implementation.
> - As far as I know the changing password with an admin account is not
> supported by the MIT code. I used the MS supplied kerberos
> interoperablity code to implement a somewhat similar scheme
> here at Stanford. I'm pretty sure that changing the password
> as a user is supported by the MIT code.
> - I'm not sure if I can hand out my modified MS code or not. I think
> it has dissappeared from the MS web sites. At least when I tried to
> find it again it was gone from the URI I downloaded it from.
> - You can also change the password in AD by using the ldap protocol
> over ssl.
> - Booker C. Bense
> krbdev mailing list krbdev at mit.edu
crobinso at fit.edu
More information about the krbdev