On Thu, 2013-06-06 at 20:41 +0000, Joaquin Cabrera wrote:
> Hi,
>
>
> We found the following problem when working with personal certificates.
>
> We have a system in java using certificates at the time of signing, the
> certificates stop working when the user performs a password change.
>
> Customers are connected to the domain Samba4, mainly are pc with windows 7 or
> vista. This error does not happen with certificates if the equipment is in a
> workgroup.
>
> We also found that if the user change back to the previous password can sign
> correctly.
>
> Reinstall Cetificates whenever the user changes their password is not an
> option, because we want to implement a policy requiring change passwords
> every three months.
>
> The samba versiĆ³n is 4.0.3
That is very odd. X.509 certificates presented to our KDC for PK-INIT are not
checked against a password in any way - it is entirely up to the validity of
the certificate.
Can you show the error shown on the KDC when the certificate is
rejected?
Or are you referring to some other certificate system?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
