Warning

WARNING: Don't use this in a production environment!

Activating the Change Password Server

This requires that the Change Password Server is active and that the allowable clock skew for both the Kerberos Server and the Change Password Server is less than 5 minutes (5 * 6000 milliseconds). This is because the ticket lifetime for kpasswd is 5 minutes by default, and the ticket lifetime has to be greater than the allowable clock skew plus network latency.

  <changePasswordServer id="changePasswordServer" allowableClockSkew="24000">
    <tcpTransport>
      <tcpTransport port="60464" nbThreads="2" backLog="50"/>
    </tcpTransport>
    <udpTransport>
      <udpTransport port="60464" nbThreads="2" backLog="50"/>
    </udpTransport>
	
    <directoryService>#directoryService</directoryService>
  </changePasswordServer>
  <kdcServer id="kdcServer" allowableClockSkew="24000">
     ...
  </kdcServer>
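
A pre-deployment check of the clock-skew constraint described above, as an added example that is not part of the original documentation: it parses a server.xml-style fragment and reports any `allowableClockSkew` that, together with an assumed network latency, reaches the 5-minute kpasswd ticket lifetime. The `<config>` wrapper element, the function names and the `latency_ms` parameter are assumptions, and the sample XML is constructed from the fragment above.

```python
import xml.etree.ElementTree as ET

# Default kpasswd ticket lifetime named in the text: 5 minutes, in milliseconds.
KPASSWD_TICKET_LIFETIME_MS = 5 * 60 * 1000

# Constructed sample modelled on the fragment above; <config> is a hypothetical root.
SAMPLE = """<config>
  <changePasswordServer id="changePasswordServer" allowableClockSkew="24000">
    <tcpTransport><tcpTransport port="60464" nbThreads="2" backLog="50"/></tcpTransport>
    <udpTransport><udpTransport port="60464" nbThreads="2" backLog="50"/></udpTransport>
  </changePasswordServer>
  <kdcServer id="kdcServer" allowableClockSkew="24000"/>
</config>"""

REQUIRED = ("changePasswordServer", "kdcServer")


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}kdcServer'."""
    return tag.rsplit("}", 1)[-1]


def check_clock_skew(xml_text, latency_ms=0, lifetime_ms=KPASSWD_TICKET_LIFETIME_MS):
    """Return a list of findings; an empty list means the constraint holds."""
    findings, seen = [], set()
    for el in ET.fromstring(xml_text).iter():
        name = local_name(el.tag)
        if name not in REQUIRED:
            continue
        seen.add(name)
        raw = el.get("allowableClockSkew")
        if raw is None:
            findings.append(f"{name}: allowableClockSkew is not set explicitly")
            continue
        try:
            skew = int(raw)
        except ValueError:
            findings.append(f"{name}: allowableClockSkew {raw!r} is not an integer")
            continue
        if skew < 0:
            findings.append(f"{name}: allowableClockSkew {skew} is negative")
        elif skew + latency_ms >= lifetime_ms:
            findings.append(f"{name}: skew {skew} ms + latency {latency_ms} ms "
                            f"is not below the ticket lifetime of {lifetime_ms} ms")
    findings += [f"{n}: element not found" for n in REQUIRED if n not in seen]
    return findings


if __name__ == "__main__":
    print(check_clock_skew(SAMPLE, latency_ms=500) or "clock skew settings OK")
```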