Read this article to find out why using M$ Kerberos in an integrated
environment isn't
such a smart idea. My someone in the group can suggest something else, maybe
cross Realm
authentication is the way to go. Mostly though it appears to be a management
nightmare.
-----Original Message-----
From: bryantac67 (at) yahoo (dot) com [email concealed] [mailto:bryantac67 (at) yahoo (dot) com [email concealed]]
Sent: Wednesday, July 30, 2003 2:12 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: change NT passwords Kerberos
Hi,
I am using Kerberos to authenticate against our AD (it
has Kerberos setup on it). I am able login fine and
everything, but I cannot change my password. This is
the error I get:
I looked around a little, and I read that the ticket
need to be forwardable and renewable. I tried adding
these options to my pam, but it made no difference. I
don't know what version of Kerberos is installed on
our AD, but the clients are running Heimdal. Is there
anything I need to do to fix this problem?? There is
a patch for Heimdal - MIT interoperability, and I've
installed it, but still no success. Any ideas??? Any
help is much appreciated.
Thanks,
Aaron
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
last one.
http://support.microsoft.com/default.aspx?scid=kb;en-us;810755
Read this article to find out why using M$ Kerberos in an integrated
environment isn't
such a smart idea. My someone in the group can suggest something else, maybe
cross Realm
authentication is the way to go. Mostly though it appears to be a management
nightmare.
-----Original Message-----
From: bryantac67 (at) yahoo (dot) com [email concealed] [mailto:bryantac67 (at) yahoo (dot) com [email concealed]]
Sent: Wednesday, July 30, 2003 2:12 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: change NT passwords Kerberos
Hi,
I am using Kerberos to authenticate against our AD (it
has Kerberos setup on it). I am able login fine and
everything, but I cannot change my password. This is
the error I get:
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_sm_authenticate: krb5_get_init_creds_password: KDC
can't fulfill requested option
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_krb5_get_authtok: Authentication failure
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_sm_chauthtok: pam_krb5_get_authtok returns
Authentication failure
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_sm_chauthtok: result for user `xxxx':
Authentication failure
Jul 29 11:11:19 passwd[7437]: User xxxx:
Authentication failure
I looked around a little, and I read that the ticket
need to be forwardable and renewable. I tried adding
these options to my pam, but it made no difference. I
don't know what version of Kerberos is installed on
our AD, but the clients are running Heimdal. Is there
anything I need to do to fix this problem?? There is
a patch for Heimdal - MIT interoperability, and I've
installed it, but still no success. Any ideas??? Any
help is much appreciated.
Thanks,
Aaron
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
[ reply ]