Support for Microsoft Set Password protocol

Nicolas Williams Nicolas.Williams at
Wed Apr 2 17:51:47 EST 2003

What if the client uses TCP?  Does the MS kpasswd service even support
TCP?  (rfc3244 mentions TCP but does not make TCP support an explicit
requirement - then again, it is an informational rfc...).

If the TCP behaviour is more acceptable then negotiation can still be
done.  Otherwise MS will have to patch their kpasswd service - remember,
if MS wants to implement v2 then MS will need a way for clients to
negotiate the protocol version...

Or we could move kpasswd v2 to a different port number and then
negotiation would go like this:

 - try v2
 - try v0xff80
 - try v1




On Wed, Apr 02, 2003 at 04:45:54PM -0600, Paul W. Nelson wrote:
> I hacked the 1.3 alpha code to force the version number to be set to 0x0002.
> Unfortunately, here is what a Microsoft Server 2003 (their latest) does:
> 1) The Microsoft KDC does not respond to a change password request with the
> version set to 0x0002 at all.
> 2) It puts an error in the system event log (event id 23) with:
>     The KDC Received invalid messages of type changepassword.
> This is the worst possible behavior for trying to support both new and old
> servers from an application (ie: negotiate a version to use).
> -- 
> Paul W. Nelson
> Thursby Software Systems, Inc.

More information about the krbdev mailing list