Fwd: krb5_change_password() message string from server is empty
Arpit Srivastava
arpit.orb at gmail.com
Mon Jun 17 08:00:52 EDT 2013
Greg said
"Active Directory servers send back a result string which begins with two
zero bytes (so it looks like an empty string) but is then followed with
some binary values giving policy information. In 1.11, we added an API
krb5_chpw_message() to interpret the result string as a displayable
string. The kpasswd client uses this API."
How to interpret these binary values as readable strings in case I dont
want to use krb5_chpw_message() ?
---------- Forwarded message ----------
From: Arpit Srivastava <arpit.orb at gmail.com>
Date: Mon, Jun 17, 2013 at 5:25 PM
Subject: krb5_change_password() message string from server is empty
To: krbdev at mit.edu
Hi,
When krb5_change_password() returns 0 but result_code is not equal to zero,
the result_string and result_code_string must contain some message from the
server.
When I am using standard kpasswd binary, I am getting a Password change
rejected: You can not change password more than once a day.... message.
But, when I am using the api in my application, I am getting empty strings.
However, password change works fine in case of success (both ret and
result_code
are zero).
What could the reason for not getting the strings properly?
Arpit
More information about the krbdev
mailing list