Work in progress

This site is in the process of being reviewed and updated.

5.5. Change Password Protocol Provider


Introduction

The Change Password service is a protocol provider that implements RFC 3244 to service Kerberos Change Password and Set Password Protocol requests. Change Password is a request-reply protocol that uses Kerberos infrastructure to allow users to securely set initial passwords or to change existing passwords. The Change Password protocol interoperates with the original Kerberos Change Password protocol, while adding the ability for an administrator to set a password for a new user.

The Change Password service is implemented as a protocol-provider plugin for the Apache Directory server. As a plugin, Change Password leverages Apache MINA for front-end services and the Apache Directory read-optimized backing store via JNDI for persistent directory services.

Change Password, in conjunction with MINA and the Apache Directory, provides an easy-to-use yet fully-featured password service. As implemented within the Apache Directory, Change Password will provide:

  • Original Kerberos password changing service
  • Initial password setting service (RFC 3244)
  • Optional LDAP management
  • UDP and TCP Support (MINA)
  • Easy POJO embeddability for containers such as Geronimo, JBoss, and OSGi

Changing Passwords with Windows 2003

Configure the Windows 2003 workstation to use an Apache Change Password server:

C:> Ksetup /addkpasswd REALM.EXAMPLE.COM kdc.realm.example.com

Change a password using Windows Security:

1. After logging on, press CTRL+ALT+DEL.

2. Click on the button labeled "Change Password ..."
3. Enter the Old Password and New Password (twice) and click OK.

Or change a password using the Command Prompt:

C:> Ksetup /domain /changepassword <old-password> <new-password>
  • No labels