S
Simon
I'm trying to configure my UNIX and Linux boxes to authenticate via
Kerberos services provided by Win2K. Things are mostly working except
for expired password - login is still allowed on the Unix/Linux boxes
even after passwords have either passed age limit or been set to
"change on next logon". I have traced this down to the Windows 2000
kerberos service not replying to the client with a
"KDC_ERR_KEY_EXPIRED" error.
I have setup Kerberos on UNIX and compared the traces, and indeed this
is the message that should be returned (and is by the UNIX Kerberos
server) to prompt for a password change.
So, what is the reason that MS Kerberos service doesn't respond
correctly? Server is Windows 2000 SP4. Is there a setting somewhere
that would affect this response?
Kerberos services provided by Win2K. Things are mostly working except
for expired password - login is still allowed on the Unix/Linux boxes
even after passwords have either passed age limit or been set to
"change on next logon". I have traced this down to the Windows 2000
kerberos service not replying to the client with a
"KDC_ERR_KEY_EXPIRED" error.
I have setup Kerberos on UNIX and compared the traces, and indeed this
is the message that should be returned (and is by the UNIX Kerberos
server) to prompt for a password change.
So, what is the reason that MS Kerberos service doesn't respond
correctly? Server is Windows 2000 SP4. Is there a setting somewhere
that would affect this response?