Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 2.19. What does krb524d do? Do I need to run it? Next Document: 2.21. How do a rename a principal? See reader questions & answers on this topic! - Help others by sharing your knowledge The v5passwdd daemon implements the "old" Kerberos 5 password changing protocol (before OpenVision donated their admin server). This protocol is used by a few Kerberos 5 clients; the only ones I know of are the MIT Win32 Kerberos client, and some Xyplex terminal servers. If you don't have any programs that use this protocol, or you don't want people who use those clients to be able to change their password, then you don't need to run it. If you do need to run it, you'll need to do the following things: * Create a special changepw principal, of the form: o changepw/YOUR.REALM@YOUR.REALM Make sure this principal has the same attributes as the kadmin/changepw principal; specificially, set the DISALLOW_TGS_REQ and PASSWORD_CHANGING_SERVICE attributes. * Add this principal's key to the admin keytab (see the original installation instructions for this procedure) * Start the v5passwdd with the following sample command line: o v5passwdd -port 464 -T /path/to/admin/keytab User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 2.19. What does krb524d do? Do I need to run it? Next Document: 2.21. How do a rename a principal? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: