Yes, the bug was filed to fix MIT's kadmind to accept RPCSEC_GSS change password. However, there are more fixes required in MIT's code base that need to be made to ensure that temporary or lingering ccaches can not be used to commandeer new changepw service tickets. This would involved changes to their kdb5_util to create the associated service principal correctly.
In the mean time you can resolve this issue by setting kpasswd_protocol to SET_CHANGE in your s10's krb5.conf(4) file. This will allow you to change passwords using the older Horowitz protocol. I will submit another patch shortly to MIT for the kdb5_util changes for this. Thanks, Shawn. -- Kurt Adam wrote: > *sigh* Stupid clipboard tricks. >.< > > _This_ is the bug in question > http://mailman.mit.edu/pipermail/krb5-bugs/2005-May/003835.html > > > This message posted from opensolaris.org > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org > > -- Shawn.
