Note: Work in progress

This site is in the process of being reviewed and updated.


5.5. Change Password Protocol Provider

...


Introduction

The Change Password service is a protocol provider that implements RFC 3244 to service Kerberos Change Password and Set Password Protocol requests. Change Password is a request-reply protocol that uses Kerberos infrastructure to allow users to securely set initial passwords or to change existing passwords. The Change Password protocol interoperates with the original Kerberos Change Password protocol, while adding the ability for an administrator to set a password for a new user.

...

  • Original Kerberos password changing service
  • Initial password setting service (RFC 3244)
  • Optional LDAP management
  • UDP and TCP Support (MINA)
  • Traffic throttling (MINA)
  • Overload shielding (MINA)
  • Easy POJO embeddability for containers such as Geronimo, JBoss, and OSGi

Configuration

...

| Change Password Property | Default Value | Description |
|---|---|---|
| changepw.principal | kadmin/changepw@EXAMPLE.COM | Principal for this Change Password server |
| changepw.primary.realm | EXAMPLE.COM | Primary realm this Change Password service serves |
| changepw.port | 464 | The port for the Change Password protocol to use |
| changepw.entry.basedn | ou=Users,dc=example,dc=com | Base DN for looking up users |
| changepw.encryption.types | des-cbc-md5 | Allowed Kerberos Cipher Text type(s) |
| changepw.empty.addresses.allowed | true | Whether tickets issued with empty Host Addresses are allowed |

Changing Passwords with Windows 2003

Configure the Windows 2003 workstation to use an Apache Change Password server:

    C:\> Ksetup /addkpasswd REALM.EXAMPLE.COM kdc.realm.example.com

Change a password using Windows Security:

1. After logging on, press CTRL+ALT+DEL.
2. Click on the button labeled "Change Password ..."
3. Enter the Old Password and New Password (twice) and click OK.

Or change a password using the Command Prompt:

    C:\> Ksetup /domain /changepassword <old-password> <new-password>

...

| Change Password Property | Default Value | Description |
|---|---|---|
| changepw.allowable.clockskew | 5 minutes | Allowable clockskew for all Change Password transactions |
| changepw.password.length | 6 characters | Minimum password length |
| changepw.category.count | 3 (out of 4) | Number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... ) |
| changepw.token.size | 3 characters | Password must not contain tokens larger than 3 characters that occur in the user's principal name. |
| changepw.buffer.size | 1024 | Buffer size for MINA ByteBuffers |
| java.naming.ldap.attributes.binary | krb5Key | ... |
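
The three password policy properties above (changepw.password.length, changepw.category.count, changepw.token.size) combine into a single acceptance check. The following is an added illustration with the default values, not code from Apache Directory; splitting the whole principal name (realm included) into alphanumeric tokens, reading "larger than" strictly, and comparing case-insensitively are assumptions.

```python
import re

# Defaults taken from the configuration table above.
MIN_LENGTH = 6        # changepw.password.length
CATEGORY_COUNT = 3    # changepw.category.count (out of 4)
TOKEN_SIZE = 3        # changepw.token.size

# The four character categories named in the table.
CATEGORIES = (
    re.compile(r"[A-Z]"),
    re.compile(r"[a-z]"),
    re.compile(r"[0-9]"),
    re.compile(r"[^A-Za-z0-9]"),
)


def principal_tokens(principal, token_size=TOKEN_SIZE):
    """Split a principal name into the tokens a password may not contain.

    Assumptions (not stated on the page): tokens are runs of letters and
    digits, and only tokens longer than token_size are checked.
    """
    parts = re.split(r"[^A-Za-z0-9]+", principal)
    return [t for t in parts if len(t) > token_size]


def policy_violations(principal, password, min_length=MIN_LENGTH,
                      category_count=CATEGORY_COUNT, token_size=TOKEN_SIZE):
    """Return a list of violations; an empty list means the password passes."""
    violations = []
    if len(password) < min_length:
        violations.append("shorter than %d characters" % min_length)
    present = sum(1 for c in CATEGORIES if c.search(password))
    if present < category_count:
        violations.append("only %d of 4 character categories" % present)
    lowered = password.lower()  # assumption: comparison is case-insensitive
    for token in principal_tokens(principal, token_size):
        if token.lower() in lowered:
            violations.append("contains principal token '%s'" % token)
    return violations


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for pw in ("secret", "Hnelson!23", "Tr0ub4dor&3"):
        print(pw, "->", policy_violations("hnelson@EXAMPLE.COM", pw) or "ok")
```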