Support for Microsoft Set Password protocol
Nicolas Williams
Nicolas.Williams at sun.com
Wed Apr 2 17:51:47 EST 2003

What if the client uses TCP? Does the MS kpasswd service even support
TCP? (rfc3244 mentions TCP but does not make TCP support an explicit
requirement - then again, it is an informational rfc...).

If the TCP behaviour is more acceptable then negotiation can still be
done. Otherwise MS will have to patch their kpasswd service - remember,
if MS wants to implement v2 then MS will need a way for clients to
negotiate the protocol version...

Or we could move kpasswd v2 to a different port number and then
negotiation would go like this:

- try v2
- try v0xff80
- try v1

(yuck!)

Thanks,

Nico

On Wed, Apr 02, 2003 at 04:45:54PM -0600, Paul W. Nelson wrote:
> I hacked the 1.3 alpha code to force the version number to be set to 0x0002.
> Unfortunately, here is what a Microsoft Server 2003 (their latest) does:
>
> 1) The Microsoft KDC does not respond to a change password request with the
> version set to 0x0002 at all.
> 2) It puts an error in the system event log (event id 23) with:
> The KDC Received invalid messages of type changepassword.
>
> This is the worst possible behavior for trying to support both new and old
> servers from an application (i.e., negotiate a version to use).
>
> --
> Paul W. Nelson
> Thursby Software Systems, Inc.
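
Added example (not part of the original messages or of the MIT krb5 code): a sketch of the v2, 0xff80, v1 fallback order listed above, run against a constructed stand-in for a server that silently drops versions it does not know, to show how much waiting each dropped request adds. The 6-byte header follows the RFC 3244 framing; the timeout and retry values, the placeholder payloads and all function names are assumptions.

```python
import struct

# Version numbers named in the thread: v2, the MS set-password value, and v1.
V2, MS_SETPW, V1 = 0x0002, 0xFF80, 0x0001
FALLBACK_ORDER = (V2, MS_SETPW, V1)


def build_request(version, ap_req, krb_priv):
    """RFC 3244 framing: message length, protocol version, AP-REQ length
    (each 16 bits, network byte order), followed by AP-REQ and KRB-PRIV."""
    total = 6 + len(ap_req) + len(krb_priv)
    return struct.pack("!HHH", total, version, len(ap_req)) + ap_req + krb_priv


def parse_version(datagram):
    """Return the protocol version after checking the length field."""
    total, version, _ = struct.unpack("!HHH", datagram[:6])
    if total != len(datagram):
        raise ValueError("length field does not match datagram size")
    return version


def make_silent_server(supported):
    """Constructed stand-in for a UDP service that gives no reply at all
    to a version it does not implement (the behaviour reported above)."""
    def send(datagram):
        if parse_version(datagram) not in supported:
            return None               # models a receive timeout
        return b"<constructed reply>"  # opaque placeholder, not a real reply
    return send


def negotiate(send, timeout_s=3.0, retries=2):
    """Walk FALLBACK_ORDER. Over UDP a dropped request looks the same as
    packet loss, so every retry must time out before falling back.
    Returns (accepted version or None, seconds spent waiting)."""
    waited = 0.0
    for version in FALLBACK_ORDER:
        request = build_request(version, b"<AP-REQ>", b"<KRB-PRIV>")
        for _ in range(retries):
            if send(request) is not None:
                return version, waited
            waited += timeout_s       # simulated wait; nothing sleeps here
    return None, waited


if __name__ == "__main__":
    version, waited = negotiate(make_silent_server({MS_SETPW, V1}))
    print(f"accepted 0x{version:04x} after {waited:.0f}s of timeouts")
```

A server that answered an unknown version with an error reply would let the client fall back immediately instead of waiting out the retries.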