Support for Microsoft Set Password protocol

Paul W. Nelson nelson at
Wed Apr 2 17:45:54 EST 2003

I hacked the 1.3 alpha code to force the version number to be set to 0x0002.
Unfortunately, here is what a Microsoft Server 2003 (their latest) does:

1) The Microsoft KDC does not respond to a change password request with the
version set to 0x0002 at all.
2) It puts an error in the system event log (event id 23) with:
    The KDC Received invalid messages of type changepassword.

This is the worst possible behavior for trying to support both new and old
servers from an application (i.e., negotiate a version to use).

Paul W. Nelson
Thursby Software Systems, Inc.

> From: Nicolas Williams <Nicolas.Williams at>
> Date: Wed, 2 Apr 2003 13:27:55 -0800
> To: Ken Hornstein <kenh at>
> Cc: krbdev at MIT.EDU
> Subject: Re: Support for Microsoft Set Password protocol
> and that all existing
> implementations respond to requests from clients using major protocol
> versions other than the servers' (I'm not sure) then negotiation can be
> done, though as I've said earlier, not securely.
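
An added example, not part of the original post or of the MIT code: a parser for the kpasswd request header that flags requests carrying the 0x0002 version the post reports going unanswered, useful when matching a capture against event id 23. It assumes UDP framing as laid out in RFC 3244 (16-bit message length, version, AP-REQ length); the function names and sample datagrams are constructed for illustration.

```python
import struct

# 0x0002 is the value forced in the post; 0x0001 (original change-password)
# and 0xff80 (set-password) are the versions described in RFC 3244.
KNOWN_VERSIONS = {
    0x0001: "change password",
    0xFF80: "set password (RFC 3244)",
    0x0002: "version 2 (value forced in the post)",
}
UNANSWERED = 0x0002  # per the post: no reply from the Server 2003 KDC


def parse_kpasswd_request(datagram: bytes) -> dict:
    """Split a UDP kpasswd request into header fields and payloads."""
    if len(datagram) < 6:
        raise ValueError("shorter than the 6-byte kpasswd header")
    msg_len, version, ap_req_len = struct.unpack("!HHH", datagram[:6])
    if msg_len != len(datagram):
        raise ValueError(f"length field {msg_len} != datagram size {len(datagram)}")
    if ap_req_len == 0 or 6 + ap_req_len > msg_len:
        raise ValueError("AP-REQ length missing or past end of message")
    return {
        "version": version,
        "version_name": KNOWN_VERSIONS.get(version, "unknown"),
        "ap_req": datagram[6:6 + ap_req_len],
        "krb_priv": datagram[6 + ap_req_len:],
    }


def flag_unanswered(datagrams) -> list:
    """Indices of requests whose version the post saw dropped without a reply."""
    hits = []
    for i, dgram in enumerate(datagrams):
        try:
            if parse_kpasswd_request(dgram)["version"] == UNANSWERED:
                hits.append(i)
        except ValueError:
            continue  # malformed framing is a separate finding, not a version hit
    return hits


def _sample(version: int) -> bytes:
    """Constructed datagram; payload bytes are placeholders, not real Kerberos."""
    ap_req, krb_priv = b"\x6e" + b"\x00" * 7, b"\x75" + b"\x00" * 7
    total = 6 + len(ap_req) + len(krb_priv)
    return struct.pack("!HHH", total, version, len(ap_req)) + ap_req + krb_priv


SAMPLES = [_sample(0x0001), _sample(0xFF80), _sample(0x0002), b"\x00\x01"]
```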
