Note | ||
---|---|---|
| ||
This site is in the process of being reviewed and updated. |
Wiki Markup |
---|
{scrollbar} |
5.5. Change Password Protocol Provider
...
Children Display | ||||
---|---|---|---|---|
|
Introduction
The Change Password service is a protocol provider that implements RFC 3244 to service Kerberos Change Password and Set Password Protocol requests. Change Password is a request-reply protocol that uses Kerberos infrastructure to allow users to securely set initial passwords or to change existing passwords. The Change Password protocol interoperates with the original Kerberos Change Password protocol, while adding the ability for an administrator to set a password for a new user.
...
- Original Kerberos password changing service
- Initial password setting service (RFC 3244)
- Optional LDAP management
- UDP and TCP Support (MINA)
- Traffic throttling (MINA)
- Overload shielding (MINA)
- Easy POJO embeddability for containers such as Geronimo, JBoss, and OSGi
Configuration
...
Change Password Property
...
Default Value
...
Description
...
changepw.principal
...
kadmin/changepw@EXAMPLE.COM
...
Principal for this Change Password server
...
changepw.primary.realm
...
EXAMPLE.COM
...
Primary realm this Change Password service serves
...
changepw.port
...
464
...
The port for the Change Password protocol to use
...
changepw.entry.basedn
...
ou=Users,dc=example,dc=com
...
Base DN for looking up users
...
changepw.encryption.types
...
des-cbc-md5
...
Allowed Kerberos Cipher Text type(s)
...
changepw.empty.addresses.allowed
...
true
...
Whether tickets issued with empty Host Addresses are allowed
Changing Passwords with Windows 2003
Configure the Windows 2003 workstation to use an Apache Change Password server:
Code Block |
---|
C:> Ksetup /addkpasswd REALM.EXAMPLE.COM kdc.realm.example.com
|
Change a password using Windows Security:
1. After logging on, press CTRL+ALT+DEL.
2. Click on the button labeled "Change Password ..."
3. Enter the Old Password and New Password (twice) and click OK.
Or change a password using the Command Prompt:
Code Block |
---|
C:> Ksetup /domain /changepassword <old-password> <new-password>
|
...
changepw.allowable.clockskew
...
5 minutes
...
Allowable clockskew for all Change Password transactions
...
changepw.password.length
...
6 characters
...
Minimum password length
...
changepw.category.count
...
3 (out of 4)
...
Number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... )
...
changepw.token.size
...
3 characters
...
Password must not contain tokens larger than 3 characters that occur in the user's principal name.
...
changepw.buffer.size
...
1024
...
Buffer size for MINA ByteBuffers
...
java.naming.ldap.attributes.binary
...
krb5Key
...