...
```
C:> Ksetup /domain /changepassword <old-password> <new-password>
```
Implementation Notes
- RFC 3244 Microsoft Windows 2000 Kerberos Password Change Protocol.
- UDP frontend on port 464 (KPASSWD).
- Default principal kadmin/changepw@REALM.tld.
- AP-REQ, KRB-PRIV, and PRIV-BODY.
- Request-response protocol: 1 request, 1 response.
- AP-REQ requires Authenticator with PRNG subsession key.
- usec and sequence present and same value as seq-number from Authenticator.
- New ASN.1 structure, ChangePasswdData SEQUENCE.
- ChangepwService needs access to PrincipalStore.
- Interceptor for policy checks.
- Eventually need configurable auto-generation of keytypes.
- 9 Error types, with UTF-8 optional/omitted result string.
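
The UDP framing and result format noted above can be validated before any ASN.1 decoding is attempted. The sketch below is an added example, not the project's own code: it assumes the RFC 3244 layout (16-bit message length, protocol version, and AP-REQ length, followed by the AP-REQ and KRB-PRIV), the function names `parse_request` and `parse_result` are hypothetical, and decrypting the KRB-PRIV is out of scope.

```python
import struct

# Result codes defined by RFC 3244 for the reply's KRB-PRIV user-data.
RESULT_CODES = {
    0x0000: "KRB5_KPASSWD_SUCCESS",
    0x0001: "KRB5_KPASSWD_MALFORMED",
    0x0002: "KRB5_KPASSWD_HARDERROR",
    0x0003: "KRB5_KPASSWD_AUTHERROR",
    0x0004: "KRB5_KPASSWD_SOFTERROR",
    0x0005: "KRB5_KPASSWD_ACCESSDENIED",
    0x0006: "KRB5_KPASSWD_BAD_VERSION",
    0x0007: "KRB5_KPASSWD_INITIAL_FLAG_NEEDED",
    0xFFFF: "UNKNOWN_ERROR",  # RFC gives no symbolic name; label assumed here
}
VERSIONS = {0x0001: "change-password", 0xFF80: "RFC 3244 set/change"}
AP_REQ_TAG, KRB_PRIV_TAG = 0x6E, 0x75  # ASN.1 [APPLICATION 14] / [APPLICATION 21]

def parse_request(datagram: bytes) -> dict:
    """Validate the 6-byte header and split AP-REQ from KRB-PRIV."""
    if len(datagram) < 6:
        raise ValueError("datagram shorter than kpasswd header")
    msg_len, version, ap_len = struct.unpack("!HHH", datagram[:6])
    if msg_len != len(datagram):
        raise ValueError("message length field disagrees with datagram size")
    if version not in VERSIONS:
        raise ValueError("unsupported protocol version")  # maps to BAD_VERSION
    if ap_len == 0 or 6 + ap_len >= msg_len:
        raise ValueError("AP-REQ length leaves no room for KRB-PRIV")
    ap_req, krb_priv = datagram[6:6 + ap_len], datagram[6 + ap_len:]
    if ap_req[0] != AP_REQ_TAG or krb_priv[0] != KRB_PRIV_TAG:
        raise ValueError("unexpected ASN.1 application tag")
    return {"version": VERSIONS[version], "ap_req": ap_req, "krb_priv": krb_priv}

def parse_result(user_data: bytes) -> tuple:
    """Decode decrypted reply user-data: 16-bit code, then optional UTF-8 text."""
    if len(user_data) < 2:
        raise ValueError("result shorter than result code")
    (code,) = struct.unpack("!H", user_data[:2])
    text = user_data[2:].decode("utf-8", errors="replace")
    return code, RESULT_CODES.get(code, "UNRECOGNISED"), text

# Constructed sample: tag bytes are real, the bodies are placeholder filler.
SAMPLE_AP_REQ, SAMPLE_KRB_PRIV = b"\x6e\x03abc", b"\x75\x02xy"
SAMPLE_REQUEST = struct.pack("!HHH", 15, 0xFF80, 5) + SAMPLE_AP_REQ + SAMPLE_KRB_PRIV

if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST)["version"])
    print(parse_result(b"\x00\x04Password too short"))
```

Rejecting datagrams whose length fields disagree with the bytes actually received keeps malformed input away from the ASN.1 decoder and gives a clean point at which to return the MALFORMED or BAD_VERSION result.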