-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 23 Aug 2005 at 02:45 (-0000), Jeffrey Altman wrote:
I can verify that there is a problem although I cannot determine at the
moment what the source of it is. What is the most recent version of KFW
that you are aware works?
Jeffrey,
Further investigation by my Windows colleagues appears to reveal that
password changing fails only when issued from a NAT'ed private IP address.
This is true both for KfW and for native Windows Kerberos password
changing.
But this problem has apparently existed for some time with admin functions
in general (e.g., kadmin) and not only from Windows systems.
So, as it stands, we have no evidence of a new problem either with recent
KfW releases or with a current version of the KDC.
Is the problem that you say you can verify perhaps also related to NAT'ed
private IP addresses?
Mike
=========================================================================
Mike Friedman wrote:
I posted on this a few days ago but haven't received any replies, so I
figure it may have fallen through the cracks.
It seems that with the current release of KfW, password changing fails
to either a 1.3.4 or 1.4.2 KDC. Yet, earlier versions of KfW don't
have this problem. Similarly with Windows native Kerberos password
changing. I haven't done testing of the latter myself, but a colleague
who works on Windows has.
The message he receives is this:
Server error: Failed decrypting request
The KDC logs show a successful issuing of the kadmin/changepw service
credential, but no further action indicating a change password
transaction.
I suspected a client host firewall problem (re: UDP 464), but the
problem continues even with no firewall rules in place.
Has something changed with the new versions of KfW?
Thanks.
Mike
_____________________________________________________________________
Mike Friedman System and Network Security
[EMAIL PROTECTED] 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
_____________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBQxiC3K0bf1iNr4mCEQKgMACfUxcz33s0kZF2e9PnP8jvbAvB2QcAoPuo
JueMbogEsfXG7dAIEhsZ7k3R
=t4w9
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
