On 03/08/2016 12:19 PM, Sean Garrett wrote: > We run Kerberos 5 On a KDC, on clients, or on application servers? By Kerberos 5, do you mean MIT krb5, and if so, what version?
> and occasionally we have some Windows boxes (2008r2, 2012...) Are you using Kerberos for Windows on these clients, or just native Microsoft Kerberos? If you're using the native Microsoft Kerberos, how are you getting the clients to interoperate with an MIT krb5 KDC, if that's what you are doing? > that appear to hang on to old credentials after you change your password. In the Kerberos model, changing your password does not invalidate existing tickets. However, if the Microsoft login system is saving the password and using it to periodically get new tickets, a password change would obviously interfere with that. I unfortunately don't know enough about the Microsoft login system to know whether it does that or how it can be made to continue working after a password change. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos