Support for Microsoft Set Password protocol
Paul W. Nelson
nelson at thursby.com
Wed Apr 2 18:17:02 EST 2003
A preliminary test shows that the TCP connection just gets dropped without
any response. This is much better than the UDP result. At least you can do
something about this...
--
Paul W. Nelson
Thursby Software Systems, Inc.
> From: Nicolas Williams <Nicolas.Williams at sun.com>
> Date: Wed, 2 Apr 2003 14:51:47 -0800
> To: "Paul W. Nelson" <nelson at thursby.com>
> Cc: Ken Hornstein <kenh at cmf.nrl.navy.mil>, krbdev at MIT.EDU
> Subject: Re: Support for Microsoft Set Password protocol
>
> What if the client uses TCP? Does the MS kpasswd service even support
> TCP? (rfc3244 mentions TCP but does not make TCP support an explicit
> requirement - then again, it is an informational rfc...).
>
> If the TCP behaviour is more acceptable then negotiation can still be
> done. Otherwise MS will have to patch their kpasswd service - remember,
> if MS wants to implement v2 then MS will need a way for clients to
> negotiate the protocol version...
>
> Or we could move kpasswd v2 to a different port number and then
> negotiation would go like this:
>
> - try v2
> - try v0xff80
> - try v1
>
> (yuck!)
>
> Thanks,
>
> Nico
>
> On Wed, Apr 02, 2003 at 04:45:54PM -0600, Paul W. Nelson wrote:
>> I hacked the 1.3 alpha code to force the version number to be set to 0x0002.
>> Unfortunately, here is what a Microsoft Server 2003 (their latest) does:
>>
>> 1) The Microsoft KDC does not respond to a change password request with the
>> version set to 0x0002 at all.
>> 2) It puts an error in the system event log (event id 23) with:
>> The KDC Received invalid messages of type changepassword.
>>
>> This is the worst possible behavior for trying to support both new and old
>> servers from an application (i.e., negotiate a version to use).
>>
>> --
>> Paul W. Nelson
>> Thursby Software Systems, Inc.
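
The fallback problem discussed in this thread, as an added example that is not code from the thread or from MIT krb5: a client walks the "try v2, try v0xff80, try v1" order, treating a dropped TCP connection as a definite rejection and a UDP timeout as ambiguous (so it retries before falling back). The header layout follows RFC 3244; simulated_server, negotiate, the retry count and the placeholder payloads are assumptions made for illustration.

```python
import struct
from enum import Enum

V2, V_SETPW, V1 = 0x0002, 0xFF80, 0x0001   # version values named in the thread
PREFERENCE = (V2, V_SETPW, V1)             # "try v2, try v0xff80, try v1"

class Outcome(Enum):
    REPLY = "reply"
    CLOSED = "tcp connection dropped without response"
    TIMEOUT = "udp request never answered"

def build_request(version, ap_req, krb_priv):
    """RFC 3244 framing: message length, version, AP-REQ length, then payloads."""
    total = 6 + len(ap_req) + len(krb_priv)
    return struct.pack("!HHH", total, version, len(ap_req)) + ap_req + krb_priv

def request_version(msg):
    """Read the version field back out of a framed request."""
    length, version, _ = struct.unpack("!HHH", msg[:6])
    if length != len(msg):
        raise ValueError("length field does not match message size")
    return version

def simulated_server(msg, transport, supported=(V_SETPW, V1)):
    """Constructed stand-in: unknown versions get no reply on either transport."""
    if request_version(msg) in supported:
        return Outcome.REPLY
    return Outcome.CLOSED if transport == "tcp" else Outcome.TIMEOUT

def negotiate(send, transport, udp_retries=3):
    """Return (agreed version or None, number of requests sent)."""
    attempts = 0
    for version in PREFERENCE:
        msg = build_request(version, b"<ap-req>", b"<krb-priv>")  # placeholder payloads
        tries = 1 if transport == "tcp" else udp_retries
        for _ in range(tries):
            attempts += 1
            outcome = send(msg, transport)
            if outcome is Outcome.REPLY:
                return version, attempts
            if outcome is Outcome.CLOSED:
                break  # definite signal: fall back to the next version at once
            # TIMEOUT could be packet loss, so the same version is retried
    return None, attempts
```

Against this stand-in, the TCP path settles on 0xff80 after two requests, while the UDP path needs four because every unanswered v2 request has to time out first.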