[7013] in Kerberos
Kerberos installation
daemon@ATHENA.MIT.EDU (Dennis Putnam)
Thu Apr 4 12:02:28 1996
Date: Thu, 4 Apr 1996 11:46:03 -0500 (EST)
From: Dennis Putnam <putnamd@atlodbs1.hayes.com>
Reply-To: putnamd@MIT.EDU.hayes.com
To: kerberos@MIT.EDU
I have installed Kerberos V5 per the installation instructions and, as a newbie,
am obviously missing something basic. I can edit the database via kdb5_edit and
can provide tickets to clients (kinit, klist work). However, I cannot change
passwords as a user (kpasswd and kadmin do not work). After being prompted
for the old password the following error occurs:
Unable to Get Initial Credentials : Server not found in Kerberos database -17653
28377
Protocol Failure - Password NOT changed
It seems to imply that something needs to be in the database for each
client host that wants to use kpasswd (and presumably kadmin). After reading
the instructions several times I cannot find any reference to how those
entries are entered. Can some one please tell me the format and which
command I need to use (ark???) to tell the KDC that users on a specific host
can change their password and where in the documentation this is described?
Also, I had previously asked how password policies are enforced with Kerberos
but got no response. I'll ask again, how does one enforce password policy
(minimum lengths, expire passwords that are too old, dictionary of forbidden
passwords, etc.)?
Thanks in advance for the help.
---
Dennis Putnam, Manager
Technical Planning and Services
Hayes Microcomputer Products, Inc.
