[30593] in Kerberos
RE: computer account change password with Windows 2008 domain
daemon@ATHENA.MIT.EDU (Tim Alsop)
Wed Jan 7 10:01:26 2009
From: Tim Alsop <Tim.Alsop@CyberSafe.com>
To: Michael Engemann <engemam@uni-muenster.de>,
"kerberos@mit.edu"
<kerberos@mit.edu>
Date: Wed, 7 Jan 2009 14:56:52 +0000
Message-ID: <1A136DCE57F98F4B8BAB5FFC69C8E6DA21E4902EEF@exchange.cybersafe.local>
In-Reply-To: <B9FF9EF243E4FA488E3C48DEC932F49137698D35DC@EXCHANGE.wwu.de>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
We are able to change/set passwords using Kerberos/GSS-API/SASL/LDAP when using Active Directory on Windows Server 2008.
Thanks,
Tim
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Michael Engemann
Sent: 07 January 2009 14:46
To: kerberos@mit.edu
Subject: computer account change password with Windows 2008 domain
Hi,
we are also experiencing the bug in Windows Server 2008 that was mentionend on this list in April 2008 by Russ Allberry:
* Microsoft broke password changes via the LDAP protocol with SASL GSSAPI
binds in Windows 2008. In Windows 2003, provided that you didn't try to
negotiate an SASL privacy layer, you could connect via TLS and
authenticate with GSSAPI and query or set the password attribute
directly. In Windows 2008, this no longer works; you always get the
error from the server that you are not permitted to negotiate a privacy
layer when using TLS, even though you're not trying to. We've already
filed this as a bug.
Are there probably any news about a fix or a known workaround?
Thanks in advance,
Michael
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
