...
- Original Kerberos password changing service
- Initial password setting service (RFC 3244)
- Optional LDAP management
- UDP and TCP Support (MINA)
- Traffic throttling (MINA)
- Overload shielding (MINA)
- Easy POJO embeddability for containers such as Geronimo, JBoss, and OSGi

Configuration

Change Password Property | Default Value | Description |
---|---|---|
changepw.principal | kadmin/changepw@EXAMPLE.COM | Principal for this Change Password server |
changepw.primary.realm | EXAMPLE.COM | Primary realm this Change Password service serves |
changepw.port | 464 | The port for the Change Password protocol to use |
changepw.entry.basedn | ou=Users,dc=example,dc=com | Base DN for looking up users |
changepw.encryption.types | des-cbc-md5 | Allowed Kerberos encryption type(s) |
changepw.empty.addresses.allowed | true | Whether tickets issued with empty Host Addresses are allowed |
changepw.allowable.clockskew | 5 minutes | Allowable clock skew for all Change Password transactions |
changepw.password.length | 6 characters | Minimum password length |
changepw.category.count | 3 (out of 4) | Number of character categories the password must contain, out of: uppercase (A - Z), lowercase (a - z), digits (0 - 9), non-alphanumeric (!, $, #, %, ... ) |
changepw.token.size | 3 characters | Password must not contain tokens larger than 3 characters that occur in the user's principal name. |
changepw.buffer.size | 1024 | Buffer size for MINA ByteBuffers |
java.naming.ldap.attributes.binary | krb5Key | MANDATORY for JNDI to return Kerberos keys as binary, not String |
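
The three password policy properties above (`changepw.password.length`, `changepw.category.count`, `changepw.token.size`) combine as sketched in the following added example, which is not the project's own code. It assumes that "tokens" are the alphanumeric runs of the full principal name, realm included, and that the match is case-insensitive; the function names and the sample principal are hypothetical.

```python
import re

# Defaults copied from the configuration table above.
MIN_LENGTH = 6       # changepw.password.length
CATEGORY_COUNT = 3   # changepw.category.count (out of 4)
TOKEN_SIZE = 3       # changepw.token.size

# The four character categories named by changepw.category.count.
CATEGORIES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "other": re.compile(r"[^A-Za-z0-9]"),
}


def principal_tokens(principal, token_size=TOKEN_SIZE):
    """Assumption: tokens are the alphanumeric runs of the principal
    name (split on '/', '@', '.'), kept when longer than token_size."""
    parts = re.split(r"[^A-Za-z0-9]+", principal)
    return [p for p in parts if len(p) > token_size]


def check_password(principal, password, min_length=MIN_LENGTH,
                   category_count=CATEGORY_COUNT, token_size=TOKEN_SIZE):
    """Return the list of violated properties; empty means accepted."""
    violations = []
    if len(password) < min_length:
        violations.append("changepw.password.length")
    present = sum(1 for rx in CATEGORIES.values() if rx.search(password))
    if present < category_count:
        violations.append("changepw.category.count")
    # Assumption: comparison against principal tokens ignores case.
    lowered = password.lower()
    tokens = principal_tokens(principal, token_size)
    if any(tok.lower() in lowered for tok in tokens):
        violations.append("changepw.token.size")
    return violations


if __name__ == "__main__":
    principal = "hnelson@EXAMPLE.COM"  # constructed sample principal
    # Constructed sample passwords, one per failure mode plus one pass.
    for candidate in ("Tr4il!", "s3cret", "Hnelson#1", "abc"):
        result = check_password(principal, candidate)
        print(f"{candidate!r}: {'accepted' if not result else result}")
```
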